0Xdeva

**Name of the Vulnerable Software and Affected Versions** JupyterLab versions prior to 1.2.21 JupyterLab versions prior to 2.2.10 JupyterLab versions prior to 2.3.2 JupyterLab versions prior to 3.0.17 JupyterLab versions prior to 3.1.4 **Description** In affected versions, an untrusted notebook can execute code on load, allowing for remote code execution. This requires user action to open a notebook. The issue arises from JupyterLab's failure to sanitize the action attribute of HTML `<form>`, enabling the triggering of form validation outside the form itself. **Recommendations** For versions prior to 1.2.21, update to version 1.2.21 or later. For versions prior to 2.2.10, update to version 2.2.10 or later. For versions prior to 2.3.2, update to version 2.3.2 or later. For versions prior to 3.0.17, update to version 3.0.17 or later. For versions prior to 3.1.4, update to version 3.1.4 or later.

**Name of the Vulnerable Software and Affected Versions** Jupyter Notebook versions prior to 5.7.11 Jupyter Notebook versions prior to 6.4.1 **Description** The issue is related to the incorrect filtering of special symbols in the Caja component of the Jupyter Notebook environment, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. In affected versions, an untrusted notebook can execute code on load, and Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim opens a malicious ipynb document in Jupyter Notebook, allowing an attacker to execute arbitrary code on the victim's computer using Jupyter APIs. **Recommendations** For versions prior to 5.7.11, update to version 5.7.11 or later. For versions prior to 6.4.1, update to version 6.4.1 or later. As a temporary workaround, consider restricting the execution of untrusted notebooks to minimize the risk of exploitation. Avoid opening malicious ipynb documents in Jupyter Notebook until the issue is resolved.