Vulnerabilities for 'Jupyterlab'

2021-08-09
 
CVE-2021-32797

CWE-79
 

 
JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions, an untrusted notebook can execute code on load. In particular, JupyterLab doesn't sanitize the action attribute of HTML `<form>`. Using this, it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.

 

 >>> Vendor: Jupyter 10 Products
Notebook
Oauthenticator
Jupyter server
Jupyterhub
Jupyterlab
Binderhub
Nbdime
Nbdime-jupyterlab
Jupyter server proxy
Dockerspawner


Copyright 2024, cxsecurity.com

 
