PT-2018-18623 · Project Jupyter · Jupyter Notebook

Published: 2018-03-18 · Updated: 2021-03-15 · CVE-2018-8768

CVSS v4.0: 8.4 (High)
Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Jupyter Notebook versions prior to 5.4.1
Description: A maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, HTML that is still invalid after sanitization is 'fixed' by jQuery when it is inserted into the page, and the repaired markup can differ from what the sanitizer checked, making it dangerous.
Recommendations: For versions prior to 5.4.1, update to version 5.4.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of jQuery in the notebook context until a patch is available. Limit exposure to notebook files from untrusted sources to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2018-8768
DLA-2432-1
GHSA-6CWV-X26C-W2Q4
MGASA-2018-0182
OPENSUSE-SU-2024:11242-1
PYSEC-2018-57
USN-4855-1

Affected Products

Jupyter Notebook
Ubuntu