CVE-2018-19352
Description
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Jupyter Notebook before 5.7.2 has an XSS vulnerability in the tree view where a crafted directory name can execute arbitrary JavaScript.
Vulnerability
Jupyter Notebook versions before 5.7.2 contain a stored cross-site scripting (XSS) vulnerability in the tree view interface. The flaw is in notebook/static/tree/js/notebooklist.js, which builds each breadcrumb link by concatenating the directory name into an HTML string ('<a href="' + url + '">' + path_part + '</a>') that jQuery then parses as markup, so a name containing a tag is rendered as that tag rather than as text [1][2][3]. An attacker who can create a directory whose name contains HTML/JavaScript can therefore trigger script execution when a victim views that directory in the notebook tree [3].
Exploitation
To exploit this vulnerability, an attacker needs write access to the filesystem the notebook server serves (through the notebook UI, the Contents API, a file upload, or any other route onto the same volume, such as a shared mount or a checked-out repository) in order to create a directory whose name contains HTML, for example an element with an event-handler attribute. The victim does not need to click the crafted name: the breadcrumb is built from the components of the current tree path before the directory listing is fetched, so the payload renders as soon as the victim's tree view loads a path that includes the crafted directory, whether they navigated into it, into a directory beneath it, or followed a link to such a URL [2][3].
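The two paragraphs above describe why the breadcrumb was injectable and how the fix changes that. The following added example (it is not code from the Jupyter Notebook project or from this advisory) re-implements the breadcrumb construction from notebooklist.js without jQuery, once in the pre-5.7.2 string-concatenating form and once in the fixed text-node form, and runs both over a constructed directory name. The function names, the escapeText/escapeAttr helpers, the tag extractor and the sample path are assumptions made for this illustration; in the real fix it is jQuery's .text() that produces the text-node behaviour the escaping here stands in for.

```javascript
// Added example, not Jupyter Notebook project code: a dependency-free model of the
// tree-view breadcrumb from notebooklist.js before and after the 5.7.2 fix.

// Escape a string for use as an HTML text node. This is the effect jQuery's
// .text(path_part) has in the fixed code: the name can never open a tag.
function escapeText(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Escape a string for use inside a double-quoted attribute value (what
// .attr('href', url) guarantees in the fixed code).
function escapeAttr(s) {
  return escapeText(s).replace(/"/g, '&quot;');
}

// Assumed equivalent of utils.encode_uri_components: percent-encode each path
// segment while keeping the '/' separators.
function encodeUriComponents(path) {
  return path.split('/').map(encodeURIComponent).join('/');
}

// Vulnerable form (before 5.7.2): the raw directory name is concatenated into an
// HTML string, so a '<' in the name starts a new element when the string is parsed.
function buildBreadcrumbVulnerable(baseUrl, notebookPath) {
  let path = '';
  const crumbs = ['<li><a href="' + baseUrl + '/tree"><i class="fa fa-folder"></i></a></li>'];
  for (const pathPart of notebookPath.split('/')) {
    if (pathPart === '') continue;
    path = path ? path + '/' + pathPart : pathPart;
    const url = baseUrl + '/tree/' + encodeUriComponents(path);
    crumbs.push('<li><a href="' + url + '">' + pathPart + '</a></li>');
  }
  return crumbs.join('');
}

// Fixed form (5.7.2): the name becomes text content and the URL an attribute value.
function buildBreadcrumbFixed(baseUrl, notebookPath) {
  let path = '';
  const crumbs = ['<li><a href="' + escapeAttr(baseUrl + '/tree') + '"><i class="fa fa-folder"></i></a></li>'];
  for (const pathPart of notebookPath.split('/')) {
    if (pathPart === '') continue;
    path = path ? path + '/' + pathPart : pathPart;
    const url = baseUrl + '/tree/' + encodeUriComponents(path);
    crumbs.push('<li><a href="' + escapeAttr(url) + '">' + escapeText(pathPart) + '</a></li>');
  }
  return crumbs.join('');
}

// Names of the elements an HTML parser would create from the markup. The
// breadcrumb legitimately contains only li, a and i; anything else was injected
// by a directory name.
function elementNames(html) {
  const names = [];
  const re = /<([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>/g;
  let m;
  while ((m = re.exec(html)) !== null) names.push(m[1].toLowerCase());
  return names;
}

function injectedElements(html) {
  const expected = new Set(['li', 'a', 'i']);
  return elementNames(html).filter((n) => !expected.has(n));
}

// Constructed sample input: a directory one level below the root whose name is an
// element carrying an event-handler attribute.
const CRAFTED_NAME = '<img src=x onerror=alert(document.domain)>';
const SAMPLE_PATH = 'projects/' + CRAFTED_NAME;

const vulnerable = buildBreadcrumbVulnerable('', SAMPLE_PATH);
const fixed = buildBreadcrumbFixed('', SAMPLE_PATH);

console.log('vulnerable injects:', injectedElements(vulnerable)); // [ 'img' ]
console.log('fixed injects:', injectedElements(fixed));           // []
```

Note that the href was never the problem: both forms percent-encode the path with encodeUriComponents, so the name cannot break out of the attribute; the injection came solely from the name being parsed as the anchor's inner HTML, which is exactly the part the 5.7.2 patch changes.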
Impact
Successful exploitation results in arbitrary JavaScript execution in the origin of the authenticated user's session. Script running there can read whatever the page can read and call the notebook server's REST API with the user's credentials, which in Jupyter includes starting a kernel and executing code on the host as the server's user. Beyond theft of authentication tokens, session hijacking and data exfiltration, the realistic outcome is therefore compromise of the whole Jupyter environment, not just the browser session [2][3].
Mitigation
The vulnerability is fixed in Jupyter Notebook version 5.7.2 and later [1][3]; the installed version can be confirmed with jupyter notebook --version or pip show notebook. Users running versions prior to 5.7.2 should upgrade immediately. According to the project's maintenance policy, Notebook v5 is no longer actively supported, so the upgrade target should be Classic Notebook v6 or Notebook v7 rather than 5.7.2 itself [1]. No other workarounds have been disclosed in the available references.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| notebook (PyPI) | < 5.7.2 | 5.7.2 |
Affected products
Patches (1)
288b73e1edbf Merge branch 'directory-xss'
2 files changed · +55 −23
docs/source/changelog.rst+15 −0 modified@@ -21,6 +21,21 @@ We strongly recommend that you upgrade pip to version 9+ of pip before upgrading Use ``pip install pip --upgrade`` to upgrade pip. Check pip version with ``pip --version``. +.. _release-5.7.2: + +5.7.2 +----- + +5.7.2 contains a security fix preventing malicious directory names +from being able to execute javascript. CVE request pending. + +.. _release-5.7.1: + +5.7.1 +----- + +5.7.1 contains a security fix preventing nbconvert endpoints from executing javascript with access to the server API. CVE request pending. + .. _release-5.7.0: 5.7.0
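Review bot: the new 5.7.2 entry still reads "CVE request pending"; once the identifier is issued (this fix is tracked as CVE-2018-19352) the changelog should be amended to cite it, and the entry should name the affected surface (the tree view breadcrumb built in notebook/static/tree/js/notebooklist.js) so that operators can tell from the release notes whether they are exposed. "preventing malicious directory names from being able to execute javascript" does not say where the name was rendered unsafely.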
notebook/static/tree/js/notebooklist.js+40 −23 modified@@ -383,18 +383,28 @@ define([ breadcrumb.empty(); var list_item = $('<li/>'); var root_url = utils.url_path_join(that.base_url, '/tree'); - var root = $('<li/>').append('<a href="' + root_url + '"><i class="fa fa-folder"></i></a>').click(function(e) { - // Allow the default browser action when the user holds a modifier (e.g., Ctrl-Click) - if(e.altKey || e.metaKey || e.shiftKey) { - return true; - } - var path = ''; - window.history.pushState({ - path: path - }, 'Home', utils.url_path_join(that.base_url, 'tree')); - that.update_location(path); - return false; - }); + var root = $('<li/>').append( + $("<a/>") + .attr('href', root_url) + .append( + $("<i/>") + .addClass('fa fa-folder') + ) + .click(function(e) { + // Allow the default browser action when the user holds a modifier (e.g., Ctrl-Click) + if(e.altKey || e.metaKey || e.shiftKey) { + return true; + } + var path = ''; + window.history.pushState( + {path: path}, + 'Home', + utils.url_path_join(that.base_url, 'tree') + ); + that.update_location(path); + return false; + }) + ); breadcrumb.append(root); var path_parts = []; this.notebook_path.split('/').forEach(function(path_part) { 
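Review bot: this first hunk touches only the root crumb, whose href comes from root_url (derived from base_url) and whose body is the fixed <i class="fa fa-folder"></i>, so no directory name flows through it; it is a consistency refactor rather than part of the fix, and the merge commit "Merge branch 'directory-xss'" should say so to avoid suggesting the root link was exploitable. Style point: the new $("<a/>") and $("<i/>") use double quotes while the surrounding code, including the $('<li/>') on the same statement, uses single quotes; normalise to single quotes.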
@@ -405,17 +415,24 @@ define([ '/tree', utils.encode_uri_components(path) ); - var crumb = $('<li/>').append('<a href="' + url + '">' + path_part + '</a>').click(function(e) { - // Allow the default browser action when the user holds a modifier (e.g., Ctrl-Click) - if(e.altKey || e.metaKey || e.shiftKey) { - return true; - } - window.history.pushState({ - path: path - }, path, url); - that.update_location(path); - return false; - }); + var crumb = $('<li/>').append( + $('<a/>') + .attr('href', url) + .text(path_part) + .click(function(e) { + // Allow the default browser action when the user holds a modifier (e.g., Ctrl-Click) + if(e.altKey || e.metaKey || e.shiftKey) { + return true; + } + window.history.pushState( + {path: path}, + path, + url + ); + that.update_location(path); + return false; + }) + ); breadcrumb.append(crumb); }); this.contents.list_contents(that.notebook_path).then(
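Review bot: replacing '<a href="' + url + '">' + path_part + '</a>' with $('<a/>').attr('href', url).text(path_part) is the actual fix and is correct, but no regression test accompanies it (the diff changes only changelog.rst and notebooklist.js); add a test that opens the tree at a directory whose name contains a tag and asserts the breadcrumb holds exactly one anchor whose text equals the name. Also, this hunk covers only the breadcrumb: the listing populated by this.contents.list_contents(that.notebook_path) in the trailing context receives the same directory names, so the rest of notebooklist.js should be grepped for the same '<a href="' + ... concatenation pattern before the branch is merged.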
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (6)
- github.com/advisories/GHSA-3p4q-x8f3-p7vq (GHSA, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-19352 (GHSA, ADVISORY)
- github.com/jupyter/notebook/blob/master/docs/source/changelog.rst (GHSA, x_refsource_MISC, WEB)
- github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648 (GHSA, x_refsource_MISC, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2018-18.yaml (GHSA, WEB)
- pypi.org/project/notebook/ (GHSA, x_refsource_MISC, WEB)
News mentions (0)
No linked articles in our index yet.