Lucene search

MitreCVE-2023-51277

HistoryJan 05, 2024 - 5:15 a.m.

CVE-2023-51277

2024-01-0505:15:08

mitre

web.nvd.nist.gov

cve-2023-51277

nbviewer-app

jupyter notebook viewer

security vulnerability

get-task-allow entitlement

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

26.9%

JSON

nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds.

Affected configurations

Nvd

Node

tinowagnerjupyter_notebook_viewerRange<0.1.6macos

VendorProductVersionCPE
tinowagnerjupyter_notebook_viewer*cpe:2.3:a:tinowagner:jupyter_notebook_viewer:*:*:*:*:*:macos:*:*

Vendor	Product	Version	CPE
tinowagner	jupyter_notebook_viewer	*	cpe:2.3:a:tinowagner:jupyter_notebook_viewer::::::macos::*

References

developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087731

github.com/tuxu/nbviewer-app/commit/dc1e4ddf64c78e13175a39b076fa0646fc62e581

github.com/tuxu/nbviewer-app/compare/0.1.5...0.1.6

www.youtube.com/watch?v=c0nawqA_bdI

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

26.9%

JSON

Related for CVE-2023-51277