FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Jupyter Notebook -- vulnerability

Affected packages
py27-notebook < 5.4.1
py34-notebook < 5.4.1
py35-notebook < 5.4.1
py36-notebook < 5.4.1

Details

VuXML ID: b3edc7d9-9af5-4daf-88f1-61f68f4308c2
Discovery: 2018-03-18
Entry: 2018-03-19

MITRE reports:

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.

References

CVE Name: CVE-2018-8768
URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8768