The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbviewer).
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-08-18T00:00:00

Updated: 2024-09-02T21:02:59.728Z

Reserved: 2021-05-12T00:00:00

Link: CVE-2021-32862

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2022-08-18T19:15:14.337

Modified: 2024-01-25T21:29:55.253

Link: CVE-2021-32862

cve-icon Redhat

No data.