PT-2024-40302 · Jupyterlab+1 · @Jupyterlab/Mathjax-Extension+3

Published: 2024-09-06 · Updated: 2024-09-06

CVSS v4.0: 6.3 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions: JupyterLite versions prior to 0.4.1

Description: Exploitation requires user interaction: the victim opens a malicious notebook containing Markdown cells, or a malicious Markdown file, using the JupyterLab preview feature. A malicious user can then access any data accessible from JupyterLite and perform arbitrary actions in the JupyterLite environment.

Recommendations: For versions prior to 0.4.1, update to JupyterLite 0.4.1 to resolve the issue. As a temporary workaround, consider disabling the @jupyterlab/markdownviewer-extension:plugin, @jupyterlab/mathjax-extension:plugin, and @jupyterlab/mathjax2-extension:plugin (if installed) by populating the disabledExtensions key in the jupyter-config-data stanza of jupyter-lite.json. This minimizes the risk, but users lose the ability to preview mathematical equations and open Markdown previews.
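The workaround above amounts to editing one JSON file. The script below is an added example, not part of this advisory or of the JupyterLite project: it applies the disabledExtensions change to a jupyter-lite.json idempotently, so plugins a site has already disabled are not duplicated and other settings in the jupyter-config-data stanza are preserved, and it offers a check that can be run after the change. The plugin IDs are the three named in the advisory; the file layout follows JupyterLite's documented jupyter-lite.json structure; the function names (apply_workaround, workaround_applied, harden_file, load_sample) and the sample configuration are constructed for this example.

```python
"""Apply the temporary JupyterLite workaround from the advisory: disable the
Markdown viewer and MathJax plugins via the ``disabledExtensions`` key under
the ``jupyter-config-data`` stanza of ``jupyter-lite.json``.

Added example; not the advisory's or the project's own code.  The sample
document below is constructed for illustration.
"""
import json
from pathlib import Path

# Plugin IDs named in the advisory as the workaround targets.
WORKAROUND_PLUGINS = (
    "@jupyterlab/markdownviewer-extension:plugin",
    "@jupyterlab/mathjax-extension:plugin",
    "@jupyterlab/mathjax2-extension:plugin",
)

# A constructed jupyter-lite.json, as a site might already ship it: one of the
# three plugins is already disabled, and an unrelated setting is present.
SAMPLE_CONFIG = json.dumps({
    "jupyter-config-data": {
        "appName": "JupyterLite (sample)",
        "disabledExtensions": ["@jupyterlab/mathjax-extension:plugin"],
    }
})


def load_sample() -> dict:
    """Parse the constructed sample document into a dict."""
    return json.loads(SAMPLE_CONFIG)


def apply_workaround(config: dict) -> dict:
    """Return a copy of ``config`` with all three plugins in disabledExtensions.

    Idempotent: plugins already present are not duplicated, and other keys in
    the jupyter-config-data stanza are left untouched.
    """
    result = json.loads(json.dumps(config))  # deep copy via JSON round-trip
    stanza = result.setdefault("jupyter-config-data", {})
    disabled = list(stanza.get("disabledExtensions", []))
    for plugin in WORKAROUND_PLUGINS:
        if plugin not in disabled:
            disabled.append(plugin)
    stanza["disabledExtensions"] = disabled
    return result


def workaround_applied(config: dict) -> bool:
    """True if every plugin named in the advisory is disabled in ``config``."""
    stanza = config.get("jupyter-config-data", {})
    disabled = set(stanza.get("disabledExtensions", []))
    return all(plugin in disabled for plugin in WORKAROUND_PLUGINS)


def harden_file(path: Path) -> bool:
    """Rewrite ``path`` in place; return True if the file was changed."""
    config = json.loads(path.read_text(encoding="utf-8"))
    if workaround_applied(config):
        return False
    hardened = apply_workaround(config)
    path.write_text(json.dumps(hardened, indent=2) + "\n", encoding="utf-8")
    return True


if __name__ == "__main__":
    # Demonstrate on the constructed sample rather than touching a real file.
    before = load_sample()
    after = apply_workaround(before)
    print(json.dumps(after, indent=2))
    print("workaround applied:", workaround_applied(after))
```

To use it on a deployment, call harden_file(Path("jupyter-lite.json")) from the site's build directory and rebuild the site; re-running it is safe because it returns False without writing when the three plugins are already disabled. Remove the entries again once the site is on JupyterLite 0.4.1 or later, since the workaround also disables Markdown previews and equation rendering for all users.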

Fix

XSS

Weakness Enumeration

Related Identifiers

GHSA-GJ55-2XF9-67RQ

Affected Products

@Jupyterlab/Markdownviewer-Extension
@Jupyterlab/Mathjax-Extension
@Jupyterlab/Mathjax2-Extension
Jupyterlite