In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is fixed by jQuery after sanitization, making it dangerous.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Notebook | Jupyter | * | 5.4.1 (excluding) |