CVE-2021-32797 JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>

2021-08-0920:45:10

CWE-79

GitHub_M

www.cve.org

jupyterlab

xss

html form

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

AI Score

9.6

Confidence

High

EPSS

0.004

Percentile

73.0%

JSON

JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html <form>. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.

CNA Affected

[
  {
    "product": "jupyterlab",
    "vendor": "jupyterlab",
    "versions": [
      {
        "status": "affected",
        "version": ">= 3.1.0, < 3.1.4"
      },
      {
        "status": "affected",
        "version": ">= 3.0.0, < 3.0.17"
      },
      {
        "status": "affected",
        "version": ">= 2.3.0, < 2.3.2"
      },
      {
        "status": "affected",
        "version": ">= 2.0.0, < 2.2.10"
      },
      {
        "status": "affected",
        "version": "< 1.2.1"
      }
    ]
  }
]