Vulnerability Details : CVE-2018-19351
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2018-19351
- cpe:2.3:a:jupyter:notebook:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-19351
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-19351
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
6.1
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
NIST |
CWE ids for CVE-2018-19351
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-19351
-
https://pypi.org/project/notebook/#history
notebook · PyPIThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/11/msg00033.html
[SECURITY] [DLA 2432-1] jupyter-notebook security update
-
https://groups.google.com/forum/#!topic/jupyter/hWzu2BSsplY
Google GroepenIssue Tracking;Third Party Advisory
-
https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst
notebook/changelog.rst at master · jupyter/notebook · GitHubRelease Notes
-
https://github.com/jupyter/notebook/commit/107a89fce5f413fb5728c1c5d2c7788e1fb17491
Apply CSP sandboxing for nbconvert responses · jupyter/notebook@107a89f · GitHubPatch;Third Party Advisory
Jump to