[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248678

 
 

909

 
 

195426

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2021-32797Date: (C)2021-08-10   (M)2023-12-22


JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn���t sanitize the action attribute of html `

`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 9.6CVSS Score : 6.8
Exploit Score: 2.8Exploit Score: 8.6
Impact Score: 6.0Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: PARTIAL
Scope: CHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed
https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx

CWE    1
CWE-79
OVAL    1
oval:org.secpod.oval:def:3301314

© SecPod Technologies