CRITICAL🇵🇱 Wersja polska

CVE-2024-22891

CVSS 9.8v3.1pub. 2024-03-01upd. 2025-05-13

Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-601 (Open Redirect) is exploited by embedding a malicious link in the Markdown content within an Nteract notebook. The application improperly processes or validates the content of such links, leading to unauthorized code execution on the victim's machine. Public proof-of-concept (PoC) code is available in the EQSTLab repository on GitHub.

Impact

An attacker can gain full control over the victim's system — the vulnerability provides a high level of impact on confidentiality, integrity, and system availability, which corresponds to the ability to execute arbitrary code with application privileges.

Mitigation & patch

Patches available from the vendor should be applied according to references. Avoid opening Nteract notebooks from untrusted sources until updates are applied.

Who is affected

Nteract version 0.28.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nteract

    APP
    Nteract
    0.28.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References