CyberSec.Space Logo
Back to CVE Browser

CVE-2021-32798

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0970%
EPSS Percentile39.38th
PublishedAug 9, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to execute arbitrary code on the victim computer using Jupyter APIs.

Affected Platforms (CPE)

πŸ“¦
Jupyter

Notebook

>= 5.7.0 and < 5.7.11
πŸ“¦
Jupyter

Notebook

= 6.4.0

References & Advisories

πŸ”— https://github.com/jupyter/notebook/commit/79fc76e890a8ec42f73a3d009e44ef84c14ef0d5
πŸ”— https://github.com/jupyter/notebook/security/advisories/GHSA-hwvq-6gjx-j797
πŸ”— https://github.com/jupyter/notebook/commit/79fc76e890a8ec42f73a3d009e44ef84c14ef0d5
πŸ”— https://github.com/jupyter/notebook/security/advisories/GHSA-hwvq-6gjx-j797

Related Vulnerabilities

CVE-2011-315710.0

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote...

CVE-2011-315810.0

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote...

CVE-2011-315610.0

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote...

CVE-2011-315910.0

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote...