CVE-2018-19351

Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
jupyternotebook
𝑥
< 5.7.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
jupyter-notebook
bullseye
6.2.0-1
fixed
bookworm
6.4.12-2.2
fixed
sid
6.4.13-2
fixed
trixie
6.4.13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jupyter-notebook
jammy
not-affected
impish
ignored
hirsute
ignored
groovy
ignored
focal
not-affected
eoan
ignored
disco
not-affected
cosmic
ignored
bionic
Fixed 5.2.2-1ubuntu0.1
released
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst
https://github.com/jupyter/notebook/commit/107a89fce5f413fb5728c1c5d2c7788e1fb17491
https://groups.google.com/forum/#%21topic/jupyter/hWzu2BSsplY
https://lists.debian.org/debian-lts-announce/2020/11/msg00033.html
https://pypi.org/project/notebook/#history
https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst
https://github.com/jupyter/notebook/commit/107a89fce5f413fb5728c1c5d2c7788e1fb17491
https://groups.google.com/forum/#%21topic/jupyter/hWzu2BSsplY
https://lists.debian.org/debian-lts-announce/2020/11/msg00033.html
https://pypi.org/project/notebook/#history