Search CVE reports
1 – 10 of 16 results
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or...
2 affected packages
jupyterlab, jupyter-notebook
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jupyterlab | Not in release | Not in release | Not in release | — |
jupyter-notebook | Not affected | Not affected | Not affected | Not affected |
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken`...
2 affected packages
jupyter-notebook, jupyterlab
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jupyter-notebook | Not affected | Not affected | Not affected | Not affected |
jupyterlab | Not in release | Not in release | Not in release | — |
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using...
1 affected package
jupyter-notebook
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jupyter-notebook | — | Not affected | Not affected | Not affected |
Azure HDInsight Jupyter Notebook Spoofing Vulnerability
3 affected packages
jupyter-core, jupyter-notebook, notebook
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jupyter-core | Not affected | Not affected | Not affected | Not affected |
jupyter-notebook | Not affected | Not affected | Not affected | Not affected |
notebook | Not in release | Not in release | Not in release | Not affected |
Some fixes available 2 of 5
Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents...
1 affected package
jupyter-notebook
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jupyter-notebook | — | Fixed | Fixed | Not affected |
Some fixes available 4 of 14
The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.
2 affected packages
jupyter-notebook, node-sanitize-html
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jupyter-notebook | Fixed | Fixed | Not affected | Not affected |
node-sanitize-html | Needs evaluation | Needs evaluation | Not in release | Not in release |
Some fixes available 3 of 6
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie...
1 affected package
jupyter-notebook
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jupyter-notebook | — | Fixed | Fixed | Fixed |
The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions, an untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user...
1 affected package
jupyter-notebook
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jupyter-notebook | Not affected | Not affected | Needs evaluation | Needs evaluation |
Some fixes available 2 of 3
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however,...
1 affected package
jupyter-notebook
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jupyter-notebook | — | Not affected | Fixed | Fixed |
Some fixes available 1 of 3
An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources...
1 affected package
jupyter-notebook
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jupyter-notebook | — | Not affected | Not affected | Fixed |