HIGH🇵🇱 Wersja polska

CVE-2018-8768

CVSS 7.8v3.0pub. 2018-03-18upd. 2024-11-21

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.

CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Jupyter Notebook

    APP
    Jupyter
    < 5.4.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-32798CRITICAL10.0ten sam produkt

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untru...

CVE-2026-42557HIGH8.6ten sam produkt

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Noteb...

CVE-2024-43805HIGH7.6ten sam produkt

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Noteb...

CVE-2024-22421HIGH7.6ten sam produkt

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Noteb...

CVE-2022-24758HIGH7.5ten sam produkt

The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, un...