The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to execute arbitrary code on the victim computer using Jupyter APIs.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-08-09T20:50:10

Updated: 2024-08-03T23:33:55.864Z

Reserved: 2021-05-12T00:00:00

Link: CVE-2021-32798

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2021-08-09T21:15:08.233

Modified: 2021-08-17T17:08:14.930

Link: CVE-2021-32798

cve-icon Redhat

No data.