PT-2019-10457 · Project Jupyter+2 · Jupyter Notebook+2
Dvandr · Published 2019-10-31 · Updated 2022-09-10 · CVE-2018-21030
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Jupyter Notebook versions prior to 5.5.0
Description
The issue arises from the lack of a Content Security Policy (CSP) header, a response header that defines what sources of content are allowed to be executed within a web page. Without this header, files served by Jupyter Notebook are not treated as belonging to a separate origin, making them vulnerable to cross-site scripting (XSS) attacks. For instance, an XSS payload can be embedded in an SVG document.
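The check below is an added example, not code from this advisory or from the Jupyter project: it classifies the response headers of a served file by whether they place the file in a separate origin. It assumes that isolation is expressed as a CSP `sandbox` directive without `allow-same-origin`; the function names and the sample headers are constructed for illustration.

```python
# Added example: classify response headers of a served file by origin isolation.
# Assumption: isolation comes from a CSP `sandbox` directive without
# `allow-same-origin`; all sample headers below are constructed.

def parse_csp(policy_text):
    """Parse one serialized CSP policy into {directive: [tokens]}."""
    policy = {}
    for part in policy_text.split(";"):
        tokens = part.split()
        if tokens:
            # Directive names are case-insensitive; the first occurrence wins.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def served_file_is_isolated(headers):
    """Return (isolated, reason) for a mapping of response header names to values."""
    values = [v for k, v in headers.items() if k.lower() == "content-security-policy"]
    if not values:
        return False, "no Content-Security-Policy header"
    for value in values:
        # One header value may carry several comma-separated policies.
        for policy_text in value.split(","):
            policy = parse_csp(policy_text)
            if "sandbox" in policy and "allow-same-origin" not in policy["sandbox"]:
                return True, "sandboxed into an opaque origin"
    return False, "CSP present, but the response keeps the server's origin"


SAMPLES = {  # constructed responses for an SVG file served by a notebook server
    "no_csp": {"Content-Type": "image/svg+xml"},
    "sandboxed": {
        "Content-Type": "image/svg+xml",
        "Content-Security-Policy": "frame-ancestors 'self'; sandbox allow-scripts",
    },
    "same_origin": {
        "Content-Type": "image/svg+xml",
        "Content-Security-Policy": "sandbox allow-scripts allow-same-origin",
    },
    "no_sandbox": {"Content-Security-Policy": "default-src 'self'"},
}

if __name__ == "__main__":
    for name, headers in SAMPLES.items():
        print(name, served_file_is_isolated(headers))
```

Only the `sandboxed` sample is reported as isolated; a policy that restricts sources but lacks `sandbox`, or that adds `allow-same-origin`, leaves the served file in the server's own origin.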
Recommendations
For versions prior to 5.5.0, update to version 5.5.0 or later to resolve the issue.
Fix
Incorrect Authorization
XSS
Related identifiers
Affected products
Jupyter Notebook
Linuxmint
Ubuntu