Dvandr

#18639 of 53,624
14.4 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)
PT-2019-10457
6.9
2019-10-31
Project Jupyter · Jupyter Notebook · CVE-2018-21030
**Name of the Vulnerable Software and Affected Versions:** Jupyter Notebook versions prior to 5.5.0

**Description:** The issue arises from the lack of a Content Security Policy (CSP) header, which is used to define what sources of content are allowed to be executed within a web page. Without this header, files served by Jupyter Notebook are not treated as belonging to a separate origin, making them vulnerable to cross-site scripting (XSS) attacks. For instance, an XSS payload can be embedded in an SVG document.

**Recommendations:** For versions prior to 5.5.0, update to version 5.5.0 or later to resolve the issue.
PT-2018-6044
7.5
2018-06-04
Unknown · Http-Proxy · CVE-2017-16014
**Name of the Vulnerable Software and Affected Versions:** http-proxy versions prior to 0.7.0

**Description:** The issue allows an attacker to force an error, causing the server to crash and resulting in a denial of service. This is due to the way errors are handled in the affected versions.

**Recommendations:** Update to version 0.7.0 or later.