nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows
Description
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a inkscape.bat file that defines a Windows batch script, capable of arbitrary code execution. When a user runs jupyter nbconvert --to pdf on a notebook containing SVG output to a PDF on a Windows platform from this directory, the inkscape.bat file is run unexpectedly. This issue has been patched in version 7.17.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nbconvertPyPI | < 7.17.0 | 7.17.0 |
Affected products
32- osv-coords31 versionspkg:apk/chainguard/jupyter-base-notebookpkg:apk/chainguard/jupyter-base-notebook-oci-entrypointpkg:apk/chainguard/kubeflow-pipelines-visualization-serverpkg:apk/chainguard/py3.10-nbconvertpkg:apk/chainguard/py3.10-nbconvert-binpkg:apk/chainguard/py3.11-nbconvertpkg:apk/chainguard/py3.11-nbconvert-binpkg:apk/chainguard/py3.12-nbconvertpkg:apk/chainguard/py3.12-nbconvert-binpkg:apk/chainguard/py3.13-nbconvertpkg:apk/chainguard/py3.13-nbconvert-binpkg:apk/chainguard/py3-nbconvertpkg:apk/chainguard/py3-supported-nbconvertpkg:apk/chainguard/tensorflow-cpu-jupyterpkg:apk/chainguard/tensorflow-gpu-jupyterpkg:apk/wolfi/jupyter-base-notebookpkg:apk/wolfi/jupyter-base-notebook-oci-entrypointpkg:apk/wolfi/kubeflow-pipelines-visualization-serverpkg:apk/wolfi/py3.10-nbconvertpkg:apk/wolfi/py3.10-nbconvert-binpkg:apk/wolfi/py3.11-nbconvertpkg:apk/wolfi/py3.11-nbconvert-binpkg:apk/wolfi/py3.12-nbconvertpkg:apk/wolfi/py3.12-nbconvert-binpkg:apk/wolfi/py3.13-nbconvertpkg:apk/wolfi/py3.13-nbconvert-binpkg:apk/wolfi/py3-nbconvertpkg:apk/wolfi/py3-supported-nbconvertpkg:apk/wolfi/tensorflow-cpu-jupyterpkg:pypi/nbconvertpkg:rpm/opensuse/python-nbconvert&distro=openSUSE%20Tumbleweed
< 0+ 30 more
- (no CPE)range: < 0
- (no CPE)range: < 0.0.0_git20251220-r0
- (no CPE)range: < 0
- (no CPE)range: < 7.17.0-r0
- (no CPE)range: < 7.16.6-r1
- (no CPE)range: < 7.17.0-r0
- (no CPE)range: < 7.16.6-r1
- (no CPE)range: < 7.17.0-r0
- (no CPE)range: < 7.16.6-r1
- (no CPE)range: < 7.17.0-r0
- (no CPE)range: < 7.16.6-r1
- (no CPE)range: < 7.16.6-r1
- (no CPE)range: < 7.16.6-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.0.0_git20251220-r0
- (no CPE)range: < 0
- (no CPE)range: < 7.17.0-r0
- (no CPE)range: < 7.16.6-r1
- (no CPE)range: < 7.17.0-r0
- (no CPE)range: < 7.16.6-r1
- (no CPE)range: < 7.17.0-r0
- (no CPE)range: < 7.16.6-r1
- (no CPE)range: < 7.17.0-r0
- (no CPE)range: < 7.16.6-r1
- (no CPE)range: < 7.16.6-r1
- (no CPE)range: < 7.16.6-r1
- (no CPE)range: < 0
- (no CPE)range: < 7.17.0
- (no CPE)range: < 7.17.1-1.1
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-xm59-rqc7-hhvfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-53000ghsaADVISORY
- github.com/jupyter/nbconvert/blob/4f61702f5c7524d8a3c4ac0d5fc33a6ac2fa36a7/nbconvert/preprocessors/svg2pdf.pyghsax_refsource_MISCWEB
- github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71ghsax_refsource_MISCWEB
- github.com/jupyter/nbconvert/issues/2258ghsax_refsource_MISCWEB
- github.com/jupyter/nbconvert/releases/tag/v7.17.0ghsax_refsource_MISCWEB
- github.com/jupyter/nbconvert/security/advisories/GHSA-xm59-rqc7-hhvfghsax_refsource_CONFIRMWEB
- www.imperva.com/blog/code-execution-in-jupyter-notebook-exportsghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.