PT-2026-53454 · Pypi · Jupyter Server
Publicado
2026-06-29
·
Atualizado
2026-06-29
CVSS v4.0
9.3
Crítica
| Vetor | AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
The nbconvert HTTP handlers in jupyter server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their
Content-Security-Policy.Combined with
nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE.Impact
An authenticated victim who navigates to
/nbconvert/html/<path> containing attacker-authored output can have their token exfiltrated to another domain because it is executed in the Jupyter origin.Patches
Fixed in v2.20.0, commit [6cbee8d](https://github.com/jupyter-server/jupyter server/commit/6cbee8d65e71abac851c4492fea987ad080580bd)
Workarounds
For deployments where editing the installed jupyter server is impractical (containerized builds, read-only images), adding this to jupyter server config.py has the same effect as the patch above without touching source files:
import jupyter server.nbconvert.handlers as nb
def csp(self):
return super(type(self), self).content security policy + "; sandbox allow-scripts"
nb.NbconvertFileHandler.content security policy = property( csp)
nb.NbconvertPostHandler.content security policy = property( csp)Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Jupyter Server