CVE-2018-21030
Description
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Jupyter Notebook before 5.5.0 served user files (SVG and HTML included) without a Content-Security-Policy sandbox directive, so script inside a malicious SVG ran with the notebook server's own origin, enabling XSS against the viewing user's session.
Vulnerability
Overview
Jupyter Notebook versions prior to 5.5.0 serve user files, including HTML and SVG, without a Content Security Policy (CSP) directive that would treat them as belonging to a separate origin from the notebook application [1][2]. An SVG document containing JavaScript is therefore rendered with the notebook's own origin when a user views it, and the script executes in the context of that user's authenticated session: a cross-site scripting (XSS) vulnerability [1]. The fix appends `sandbox allow-scripts` to the CSP header sent by the file-serving handlers, which confines any script in a served file to a unique (opaque) origin that cannot interact with the notebook server.
Attack
Vector and Exploitation
An attacker needs only to get an SVG (or HTML) file into a directory the notebook server serves, for example by uploading it through the file browser on a shared server, by placing it in a repository or dataset a user will open, or through any other write access to the notebook's working directory [2]. When a logged-in user opens that file through the notebook interface (the server's `/files/` route), the server returns it inline as a document with the notebook's own origin, the browser renders the SVG, and the embedded script runs [1]. Nothing beyond opening the file is required from the victim. The file-serving handlers only respond to an authenticated viewer, so the attacker does not need credentials of their own, just a way to place the file where the victim's server will serve it [2].
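The following is an added example, not code from Jupyter Notebook or from this advisory. It scans a directory tree for SVG files carrying the constructs that make an SVG an XSS carrier when served same-origin: `<script>` elements, `on*` event-handler attributes, and `javascript:` URLs in `href`/`xlink:href`. The two SVG documents embedded in it are constructed samples; the directory layout and file names are assumptions for the demo.

```python
"""Flag SVG files whose content can run script when opened as a document."""
import os
import re
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample inputs: one benign SVG and one that carries script in
# three different ways (the fetch target is illustrative of what same-origin
# script could reach on a notebook server).
BENIGN_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
    '<rect width="10" height="10" fill="red"/></svg>'
)
MALICIOUS_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">'
    '<script>fetch("/api/contents")</script>'
    '<a xlink:href="javascript:alert(2)"><text y="10">click</text></a>'
    '</svg>'
)


def local_name(tag):
    """Strip the {namespace} prefix ElementTree puts on tag/attribute names."""
    return tag.rsplit("}", 1)[-1]


def find_script_constructs(svg_data):
    """Return a list of (kind, detail) findings for one SVG document.

    ElementTree does not expand external entities, so a hostile file cannot
    use the scanner itself as an XXE target.
    """
    findings = []
    try:
        root = ET.fromstring(svg_data)
    except ET.ParseError as exc:
        return [("unparseable", str(exc))]
    for elem in root.iter():
        name = local_name(elem.tag)
        if name.lower() == "script":
            findings.append(("script-element", (elem.text or "").strip()[:60]))
        for attr, value in elem.attrib.items():
            aname = local_name(attr).lower()
            if aname.startswith("on"):
                findings.append(("event-handler", f"{name}@{aname}"))
            elif aname == "href" and re.match(r"\s*javascript:", value, re.I):
                findings.append(("javascript-url", f"{name}@{aname}"))
    return findings


def scan_tree(directory):
    """Walk a directory and map each .svg path to its findings (empty = clean)."""
    report = {}
    for dirpath, _dirs, files in os.walk(directory):
        for fname in files:
            if fname.lower().endswith(".svg"):
                path = os.path.join(dirpath, fname)
                with open(path, "rb") as fh:
                    report[os.path.relpath(path, directory)] = find_script_constructs(fh.read())
    return report


def demo():
    """Write the constructed samples to a temporary tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "figs"))
        with open(os.path.join(tmp, "figs", "logo.svg"), "w") as fh:
            fh.write(BENIGN_SVG)
        with open(os.path.join(tmp, "upload.svg"), "w") as fh:
            fh.write(MALICIOUS_SVG)
        return scan_tree(tmp)


if __name__ == "__main__":
    for path, findings in demo().items():
        print(f"{'CLEAN' if not findings else 'SCRIPT':6} {path}: {findings}")
```

Run it against a notebook server's working directory to find files that would have been rendered same-origin by a pre-5.5.0 server. A clean result from this scanner is not a substitute for the CSP fix: the server should sandbox every served HTML/SVG document regardless of what a scan finds.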
Impact
Successful exploitation runs attacker-controlled JavaScript in the victim's browser with the notebook's origin, inside the victim's authenticated session. From there the script can call the notebook server's API as the victim: reading and modifying notebooks and files, stealing API tokens, and performing any other action the victim is authorised for [2]. Because the SVG is served from the same origin as the notebook application, the browser's same-origin policy does not separate it from the notebook at all; that separation is exactly what the fix adds, a CSP `sandbox` directive that places the served document in an opaque origin [1].
Mitigation
The vulnerability was fixed in Jupyter Notebook 5.5.0 (first shipped in 5.5.0rc1) by pull request #3341 [4]; upgrade to 5.5.0 or later. Debian LTS also published a security update for this issue [7]. Notebook v5 is end-of-life and receives no further security patches, so users still on it should move to v6 or v7 [3]. After upgrading, confirm that a file served through the notebook (for example an `.svg` under `/files/`) comes back with a `Content-Security-Policy` header that contains `sandbox allow-scripts` and does not contain `allow-same-origin`; a deployment that overrides the CSP header in its own settings should check that the directive is still present.
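The block below is an added example, not Jupyter Notebook's code. It reproduces the header construction the fix uses (base policy plus `sandbox allow-scripts`), adds a small CSP parser, and turns the post-upgrade check above into code: given the response headers for a served file (as captured with `curl -I`, for instance), does the policy confine that document to an opaque origin? The base policy string and the three sample responses are constructed stand-ins, not captured from a real server.

```python
"""Build and check the CSP that sandboxes files served by a notebook server."""

# Assumed stand-in for whatever the base handler's policy is in a deployment.
BASE_POLICY = "frame-ancestors 'self'; report-uri /api/security/csp-report"
SANDBOX_SUFFIX = "sandbox allow-scripts"
# Types a browser will execute script from when rendered as a top-level document.
ACTIVE_TYPES = ("text/html", "application/xhtml+xml", "image/svg+xml")


def file_handler_csp(base_policy):
    """Base policy plus the sandbox directive, as the fix does for file handlers.

    Directives are split and re-joined so an empty base policy does not
    produce a leading "; " (an empty directive).
    """
    parts = [p.strip() for p in base_policy.split(";") if p.strip()]
    parts.append(SANDBOX_SUFFIX)
    return "; ".join(parts)


def parse_csp(header_value):
    """Parse a CSP header into {directive-name: [values]}.

    Names are case-insensitive; as in browsers, only the first occurrence of
    a directive is honoured and later duplicates are ignored.
    """
    policy = {}
    for directive in header_value.split(";"):
        tokens = directive.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def confines_script_to_opaque_origin(header_value):
    """True if the policy sandboxes the document without allow-same-origin.

    No sandbox directive, or one that re-enables the document's origin with
    allow-same-origin, leaves any script same-origin with the server.
    """
    policy = parse_csp(header_value)
    if "sandbox" not in policy:
        return False
    return "allow-same-origin" not in {f.lower() for f in policy["sandbox"]}


def inline_script_risk(headers):
    """Classify a served-file response from its headers (names are case-insensitive).

    "inert":       body cannot run script (not an active type, or forced
                   download via Content-Disposition: attachment)
    "sandboxed":   active type, but CSP puts it in an opaque origin
    "same-origin": active type rendered with the server's own origin, the
                   pre-5.5.0 situation this CVE describes
    Assumes the browser honours the declared Content-Type (send
    X-Content-Type-Options: nosniff to make that hold).
    """
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    disposition = h.get("content-disposition", "").split(";")[0].strip().lower()
    if ctype not in ACTIVE_TYPES or disposition == "attachment":
        return "inert"
    if confines_script_to_opaque_origin(h.get("content-security-policy", "")):
        return "sandboxed"
    return "same-origin"


# Constructed sample responses for GET /files/upload.svg.
VULNERABLE_RESPONSE = {          # what an unpatched server would send
    "Content-Type": "image/svg+xml",
    "Content-Security-Policy": BASE_POLICY,
}
PATCHED_RESPONSE = {             # with the sandboxing handler
    "Content-Type": "image/svg+xml",
    "Content-Security-Policy": file_handler_csp(BASE_POLICY),
}
DOWNLOAD_RESPONSE = {            # ?download=1 style forced download
    "Content-Type": "image/svg+xml",
    "Content-Disposition": "attachment; filename=upload.svg",
}

if __name__ == "__main__":
    for label, resp in [("unpatched", VULNERABLE_RESPONSE),
                        ("patched", PATCHED_RESPONSE),
                        ("download", DOWNLOAD_RESPONSE)]:
        print(f"{label:9} -> {inline_script_risk(resp)}")
```

To use it on a live server, paste the headers from `curl -I -H "Authorization: token ..." http://host/files/some.svg` into a dict and call `inline_script_risk`. The check deliberately fails a policy that carries `allow-same-origin` alongside `allow-scripts`, since that combination restores the very origin the fix removes.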
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| notebook (PyPI) | < 5.5.0rc1 | 5.5.0rc1 |
Affected products
- Jupyter / Jupyter Notebook
Patches
e321c8077654 Merge pull request #3341 from takluyver/csp-sandbox-files
2 files changed · +14 −0
notebook/base/handlers.py+7 −0 modified@@ -601,6 +601,13 @@ def prepare(self): class AuthenticatedFileHandler(IPythonHandler, web.StaticFileHandler): """static files should only be accessible when logged in""" + @property + def content_security_policy(self): + # In case we're serving HTML/SVG, confine any Javascript to a unique + # origin so it can't interact with the notebook server. + return super(AuthenticatedFileHandler, self).content_security_policy + \ + "; sandbox allow-scripts" + @web.authenticated def get(self, path): if os.path.splitext(path)[1] == '.ipynb' or self.get_argument("download", False):
notebook/files/handlers.py+7 −0 modified@@ -26,6 +26,13 @@ class FilesHandler(IPythonHandler): a subclass of StaticFileHandler. """ + @property + def content_security_policy(self): + # In case we're serving HTML/SVG, confine any Javascript to a unique + # origin so it can't interact with the notebook server. + return super(FilesHandler, self).content_security_policy + \ + "; sandbox allow-scripts" + @web.authenticated def head(self, path): self.get(path, include_body=False)
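Review bot: in the `notebook/base/handlers.py` hunk, `AuthenticatedFileHandler.content_security_policy` builds the header by plain string concatenation, `super(AuthenticatedFileHandler, self).content_security_policy + "; sandbox allow-scripts"`, which yields a policy starting with `; ` (an empty directive) if the superclass value is ever an empty string; split the base policy on `;`, drop empty parts and re-join, or only prepend the separator when the base value is non-empty. A test that `GET` on an `.svg` and an `.html` file returns `Content-Security-Policy` containing `sandbox allow-scripts` and not `allow-same-origin` would also be worth adding here, since that absence is the whole protection.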
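Review bot: the `content_security_policy` property added to `FilesHandler` in `notebook/files/handlers.py` is a line-for-line copy of the one in `AuthenticatedFileHandler`, comment included; put the suffix in one shared place (a mixin, or a module-level constant such as a hypothetical `FILE_SANDBOX_CSP = "sandbox allow-scripts"`) so the two handlers cannot drift, for example if `allow-same-origin` were later added to one of them, which would silently undo the separate-origin protection. The `head()` that follows delegates to `self.get(path, include_body=False)`, so the header is applied to HEAD responses as well, which is correct.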
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. https://github.com/advisories/GHSA-jqwc-jm56-wcwj (GitHub Security Advisory)
2. https://nvd.nist.gov/vuln/detail/CVE-2018-21030 (NVD)
3. https://github.com/jupyter/notebook/commit/e321c80776542b8d6f3411af16f9e21e51e27687 (fix commit)
4. https://github.com/jupyter/notebook/pull/3341 (pull request)
5. https://github.com/jupyter/notebook/releases/tag/5.5.0 (release)
6. https://github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2019-157.yaml (PyPA advisory)
7. https://lists.debian.org/debian-lts-announce/2020/11/msg00033.html (Debian LTS announcement)