CWE-75
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Class · Draft
Description
The product does not adequately filter user-controlled input for special elements with control implications.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-81 · CAPEC-93
CVEs mapped to this weakness (21)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32797 | | | 0.00 | — | 0.03 | | Aug 9, 2021 | JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html ``. Using this it is… |