Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-11-18T17:00:00
Updated: 2020-11-19T06:06:10
Reserved: 2018-11-18T00:00:00
Link: CVE-2018-19351
JSON object: View
NVD Information
Status : Modified
Published: 2018-11-18T17:29:00.267
Modified: 2023-11-07T02:55:31.847
Link: CVE-2018-19351
JSON object: View
Redhat Information
No data.
CWE