VYPR
High severity · NVD Advisory · Published Mar 18, 2018 · Updated Aug 5, 2024

CVE-2018-8768

Description

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Jupyter Notebook before 5.4.1 allows JavaScript execution via a forged notebook file that bypasses HTML sanitization because jQuery 'fixes' invalid HTML after sanitization.

Vulnerability

In Jupyter Notebook releases before 5.4.1, a maliciously crafted notebook file can bypass HTML sanitization and execute JavaScript in the notebook context. The root cause is a parser mismatch: the sanitizer accepts markup that is not valid HTML, and when jQuery later inserts that string into the page it parses and 'fixes' the malformed markup, producing a DOM that contains script-capable content the sanitizer never saw. According to the cited sources, the affected surface is the GET /notebook/** endpoint that renders notebooks, and every release up to and including 5.4.0 is affected [1][3].

Exploitation

An attacker must get a Jupyter Notebook user to open a notebook file that contains specially crafted, invalid HTML. When the notebook is rendered, Jupyter's sanitizer does not fully neutralize the payload; jQuery then 'fixes' the invalid markup while building the DOM, and the embedded JavaScript runs in the user's browser session. Rendering alone is enough; the victim does not need to execute any cells. No authentication beyond that user interaction is required, since the attack relies on the victim opening the malicious notebook file [1][3].
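To make the failure mode behind the Vulnerability and Exploitation paragraphs concrete, the following is an added example in Python; it is not Jupyter's code and it is not the payload behind this CVE, which the advisory does not publish. It places a string-level sanitizer that trusts its own view of the markup beside a sanitizer that works on the parsed token stream and serializes from it. Python's standard library html.parser stands in for the browser/jQuery parser; the sample markup, allow-lists and helper names are constructed for the example. What it demonstrates is the general class of bug: the sanitizer and the parser that finally renders the markup disagree about what malformed input means, so markup judged safe as a string becomes an element with an event handler once parsed.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed sample (an assumption for the demo, not the CVE's payload).
# The missing space between src="x" and onerror= is the key detail: a regex
# that expects whitespace-separated attributes never sees onerror, but an
# HTML parser (html.parser here, jQuery/the browser in the real case)
# tokenizes it as a second attribute.
SAMPLE = ('<p>hi <script>alert(3)</script>'
          '<img src="x"onerror="alert(1)"> '
          '<a href="javascript:alert(2)">go</a></p>')

# --- 1. String-level sanitizer: inspects raw text, not the parse tree ---
SCRIPT_TAG = re.compile(r'<script\b.*?</script\s*>', re.I | re.S)
EVENT_ATTR = re.compile(r'\s+on\w+\s*=\s*("[^"]*"|\'[^\']*\'|[^\s>]+)', re.I)

def naive_sanitize(html: str) -> str:
    """Strips <script> blocks and whitespace-separated on* attributes.
    It lets SAMPLE's <img> through because its own tokenization differs
    from the parser's: the "sanitize, then let the DOM parser fix the
    markup" gap the advisory describes."""
    return EVENT_ATTR.sub('', SCRIPT_TAG.sub('', html))

# --- 2. Tree-level sanitizer: parse, filter tokens, serialize ---
ALLOWED_TAGS = {'p', 'a', 'b', 'i', 'em', 'strong', 'code', 'pre', 'span',
                'div', 'ul', 'ol', 'li', 'img', 'br'}
VOID_TAGS = {'img', 'br'}
ALLOWED_ATTRS = {'href', 'src', 'alt', 'title', 'class'}
URL_ATTRS = {'href', 'src'}

def safe_url(value: str) -> bool:
    """Allow relative URLs and http(s)/mailto; reject everything else
    (conservatively including relative URLs that contain ':')."""
    cleaned = re.sub(r'[\x00-\x20]', '', value)  # browsers skip these before the scheme
    if ':' not in cleaned:
        return True
    return cleaned.split(':', 1)[0].lower() in ('http', 'https', 'mailto')

class TreeSanitizer(HTMLParser):
    """Re-emits only allow-listed tags/attributes from the parsed token
    stream, so the returned string is the serialization of the structure
    a browser will actually build from it."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if self.skip_depth or tag not in ALLOWED_TAGS:
            if tag not in VOID_TAGS:
                self.skip_depth += 1
            return
        parts = [tag]
        for name, value in attrs:
            name = name.lower()
            value = value or ''
            if name not in ALLOWED_ATTRS or (name in URL_ATTRS and not safe_url(value)):
                continue
            parts.append(f'{name}="{escape(value, quote=True)}"')
        self.out.append('<' + ' '.join(parts) + '>')

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        if self.skip_depth:
            self.skip_depth -= 1
        elif tag in ALLOWED_TAGS:
            self.out.append(f'</{tag}>')

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

def sanitize_tree(html: str) -> str:
    p = TreeSanitizer()
    p.feed(html)
    p.close()
    return ''.join(p.out)

def has_event_handler(html: str) -> bool:
    """What the rendering parser sees: True if any element carries an on* attribute."""
    names = []
    class Probe(HTMLParser):
        def handle_starttag(self, tag, attrs):
            names.extend(name.lower() for name, _ in attrs)
    pr = Probe()
    pr.feed(html)
    pr.close()
    return any(name.startswith('on') for name in names)

if __name__ == '__main__':
    naive, tree = naive_sanitize(SAMPLE), sanitize_tree(SAMPLE)
    print('naive :', naive, '-> handler seen by parser:', has_event_handler(naive))
    print('tree  :', tree, '-> handler seen by parser:', has_event_handler(tree))
    # Fixed-point check: sanitizing the output again must change nothing.
    print('stable:', sanitize_tree(tree) == tree)
```

The fixed-point check at the end is the practical test to keep: if re-parsing and re-sanitizing the output changes it, the sanitizer's output is not the DOM the browser will build, which is exactly the condition this advisory describes.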

Impact

Successful exploitation gives the attacker arbitrary JavaScript execution in the context of the victim's Jupyter Notebook session. Because that script runs with the victim's authenticated session and token, it can exfiltrate notebook contents, modify notebooks, and call the server's REST and kernel APIs on the victim's behalf; through a running kernel this amounts to code execution on the host with the privileges of the user running the server. The attacker effectively gains the same privileges as the authenticated user viewing the notebook [1][3].

Mitigation

Upgrade to Jupyter Notebook 5.4.1 or later, which contains the fix; for installations staying on the 5.x line, 5.4.1 is the minimum safe release. Classic Notebook 6.x and Notebook 7.x postdate the fix and ship with it, so they are not affected by this specific vulnerability. No workaround exists for unpatched versions other than upgrading [2][3][4]. The notebook trust mechanism does not help here, because the bypass is in the sanitizer that untrusted content passes through; the only interim protection on an unpatched install is not to open notebooks from untrusted sources.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package           Affected versions   Patched versions
notebook (PyPI)   < 5.4.1             5.4.1
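An added check for the mitigation advice and the affected-version table above (example code, not part of this page's sources or of the Jupyter project): it compares an installed notebook version against 5.4.1 using a PEP 440-aware sort key rather than string comparison, which orders 5.10.0 before 5.4.1, and looks up the installed distribution with importlib.metadata. The version grammar it accepts is an assumption limited to the forms notebook releases use (release segment, a/b/rc pre-release, .post, .dev); anything else raises.

```python
import re
from importlib import metadata

FIXED = "5.4.1"  # first patched release, per the advisory's affected-package table

# Assumed subset of PEP 440 covering notebook's release history: release
# segment, optional a/b/rc pre-release, optional .post, optional .dev
# (a pre-release combined with .dev is rejected rather than mis-ordered).
_VERSION_RE = re.compile(
    r'^(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?(?:\.post(\d+))?(?:\.dev(\d+))?$')
_STAGE_RANK = {'dev': 0, 'a': 1, 'b': 2, 'rc': 3, None: 4}

def version_key(version: str):
    """Sortable key giving 5.4.1.dev0 < 5.4.1a1 < 5.4.1rc1 < 5.4.1 < 5.4.1.post1
    and 5.10.0 > 5.4.1 (plain string comparison gets the last one backwards)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f'unrecognised version string: {version!r}')
    release, pre_tag, pre_num, post, dev = m.groups()
    if pre_tag and dev:
        raise ValueError(f'pre-release combined with .dev not handled: {version!r}')
    nums = tuple(int(x) for x in release.split('.'))
    nums += (0,) * (4 - len(nums))  # 5.4 == 5.4.0 == 5.4.0.0
    if dev is not None:
        stage = (_STAGE_RANK['dev'], int(dev))
    else:
        stage = (_STAGE_RANK[pre_tag], int(pre_num or 0))
    return (nums, stage, int(post or 0))

def is_affected(installed: str, fixed: str = FIXED) -> bool:
    """True if `installed` is a release the advisory lists as vulnerable (< 5.4.1)."""
    return version_key(installed) < version_key(fixed)

def installed_notebook_version():
    """Version of the 'notebook' distribution visible to this interpreter, or None.
    Run it inside the environment that actually serves the notebook."""
    try:
        return metadata.version('notebook')
    except metadata.PackageNotFoundError:
        return None

if __name__ == '__main__':
    version = installed_notebook_version()
    if version is None:
        print('notebook is not installed in this interpreter')
    elif is_affected(version):
        print(f'notebook {version}: AFFECTED by CVE-2018-8768, upgrade to >= {FIXED}')
    else:
        print(f'notebook {version}: not affected')
```

Run it with the interpreter the Jupyter server uses (for example `python -m` from the server's virtualenv); a check run from a different environment reports a different installation.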

Affected products: 1

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 5

News mentions: 0 (no linked articles in our index yet)