VYPR
High severityNVD Advisory· Published Aug 9, 2021· Updated Aug 3, 2024

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in notebook

CVE-2021-32798

Description

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to execute arbitrary code on the victim computer using Jupyter APIs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
notebookPyPI
< 5.7.115.7.11
notebookPyPI
>= 6.0.0, < 6.4.16.4.1

Affected products

6

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.