In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is fixed by jQuery after sanitization, making it dangerous.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Notebook | Jupyter | * | 5.4.1 (excluding) |
Ipython | Ubuntu | esm-apps/xenial | * |
Ipython | Ubuntu | trusty | * |
Ipython | Ubuntu | upstream | * |
Ipython | Ubuntu | xenial | * |
Jupyter-notebook | Ubuntu | artful | * |
Jupyter-notebook | Ubuntu | cosmic | * |
Jupyter-notebook | Ubuntu | upstream | * |