PT-2022-11752 · Zepl · Zepl Notebooks

Ghost +1 · Published 2022-03-03 · Updated 2022-03-10 · CVE-2021-42950

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zepl Notebooks versions prior to October 25, 2021

Description

A Remote Code Execution (RCE) issue exists that allows malicious users to create new Zepl Notebooks containing specially crafted malicious code, which can then result in remote code execution. The issue is reachable after a user authenticates and creates a new organization, which enables collaboration abilities and the addition of users. It is exploited by creating a new notebook with malicious code.

Recommendations

For Zepl Notebooks versions prior to October 25, 2021, update to a version released after October 25, 2021, to resolve the issue. As a temporary workaround, consider restricting the creation of new notebooks and limiting collaboration abilities to minimize the risk of exploitation.

Fix

Related Identifiers

CVE-2021-42950

Affected Products

Zepl Notebooks