CVE-2021-32798

Published: 09/08/2021 Updated: 17/08/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.6 | Impact Score: 6 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions, an untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows a malicious user to execute arbitrary code on the victim's computer using Jupyter APIs.

Vulnerable Product

jupyter notebook

jupyter notebook 6.4.0

Vendor Advisories

Debian Bug report logs - #992704: jupyter-notebook: CVE-2021-32798. Package: src:jupyter-notebook; Maintainer for src:jupyter-notebook is Debian Python Team <team+python@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 22 Aug 2021 15:09:01 UTC; Severity: grave; Tags: security, upstrea ...
In Jupyter notebook before version 6.4.1, an untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger a cross-site scripting (XSS) attack when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker t ...