CVE Vulnerability

CVE-2018-19351

Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://pypi.org/project/notebook/#history Third Party Advisory
https://groups.google.com/forum/#!topic/jupyter/hWzu2BSsplY Issue Tracking Third Party Advisory
https://github.com/jupyter/notebook/commit/107a89fce5f413fb5728c1c5d2c7788e1fb17491 Patch Third Party Advisory
https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst Release Notes
https://lists.debian.org/debian-lts-announce/2020/11/msg00033.html
Configurations

Configuration 1

cpe:2.3:a:jupyter:notebook:*:*:*:*:*:*:*:*
Information

Published : 2018-11-18 05:29

Updated : 2020-11-19 07:15

NVD link : CVE-2018-19351

Mitre link : CVE-2018-19351

Products Affected
No products.
CWE
CWE-79