The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbviewer).
References
Link | Resource |
---|---|
https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq | Exploit Third Party Advisory |
https://github.com/jupyter/nbviewer/security/advisories/GHSA-h274-fcvj-h2wm | Broken Link |
https://lists.debian.org/debian-lts-announce/2023/06/msg00003.html | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-08-18T00:00:00
Updated: 2023-06-03T00:00:00
Reserved: 2021-05-12T00:00:00
Link: CVE-2021-32862
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-18T19:15:14.337
Modified: 2024-01-25T21:29:55.253
Link: CVE-2021-32862
JSON object: View
Redhat Information
No data.
CWE