PT-2018-18623 · Project Jupyter+1 · Jupyter Notebook+1

Published: 2018-03-18 · Updated: 2021-03-15 · CVE-2018-8768

CVSS v4.0: 8.4 (High)

Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Jupyter Notebook versions prior to 5.4.1

Description

A maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.

Recommendations

For versions prior to 5.4.1, update to version 5.4.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of jQuery in the notebook context until a patch is available. Restrict access to maliciously forged notebook files to minimize the risk of exploitation.

Fix


Related identifiers

CVE-2018-8768
DLA-2432-1
GHSA-6CWV-X26C-W2Q4
MGASA-2018-0182
OPENSUSE-SU-2024:11242-1
PYSEC-2018-57
USN-4855-1

Affected products

Jupyter Notebook
Ubuntu