CVE-2021-43635

Name of the Vulnerable Software and Affected Versions Codex versions prior to 1.4.0

Description A Cross Site Scripting (XSS) issue exists via the Notebook/Page name field, allowing malicious users to execute arbitrary code through a crafted http code in a .json file.

Recommendations For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting user input in the Notebook/Page name field to minimize the risk of exploitation.