Published: 18/11/2018 Updated: 17/12/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Jupyter Notebook prior to 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jupyter notebook

Debian Bug report logs - #917408 jupyter-notebook: CVE-2018-19352 Package: src:jupyter-notebook; Maintainer for src:jupyter-notebook is Debian Python Modules Team <python-modules-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 27 Dec 2018 13:33:01 UTC Severity: grave Ta ...

A security issue has been found in Jupyter Notebook versions prior to 572, where untrusted javascript could be executed if malicious files could be delivered to the users system and the user takes specific actions with those malicious files It allowed maliciously crafted directory names to execute javascript when opened in the tree view ...

CWE-79 https://pypi.org/project/notebook/#history https://github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648 https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917408 https://nvd.nist.gov https://security.archlinux.org/CVE-2018-19352

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-19352

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect