Search CVE reports
1 – 10 of 16 results
CVE-2024-43805
Medium priorityjupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or...
2 affected packages
jupyter-notebook, jupyterlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jupyter-notebook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| jupyterlab | Not in release | Not in release | Not in release | — | — |
CVE-2024-22421
Medium priorityJupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken`...
1 affected package
jupyter-notebook
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jupyter-notebook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2024-22420
Medium priorityJupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using...
1 affected package
jupyter-notebook
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jupyter-notebook | — | Not affected | Not affected | Not affected | Not in release |
CVE-2023-35394
Medium priorityAzure HDInsight Jupyter Notebook Spoofing Vulnerability
3 affected packages
jupyter-core, jupyter-notebook, notebook
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jupyter-core | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
| jupyter-notebook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
| notebook | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2022-25887
Medium priorityThe package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.
2 affected packages
jupyter-notebook, node-sanitize-html
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jupyter-notebook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| node-sanitize-html | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2022-29238
Medium prioritySome fixes available 2 of 5
Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents...
1 affected package
jupyter-notebook
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jupyter-notebook | — | Fixed | Fixed | Not affected | — |
CVE-2022-24758
Medium prioritySome fixes available 3 of 6
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie...
1 affected package
jupyter-notebook
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jupyter-notebook | — | Fixed | Fixed | Fixed | Ignored |
CVE-2021-32798
Medium priorityThe Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user...
1 affected package
jupyter-notebook
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jupyter-notebook | Not affected | Not affected | Needs evaluation | Needs evaluation | Ignored |
CVE-2020-26215
Medium prioritySome fixes available 2 of 3
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however,...
1 affected package
jupyter-notebook
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jupyter-notebook | — | Not affected | Fixed | Fixed | Not in release |
CVE-2018-21030
Medium priorityJupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.
1 affected package
jupyter-notebook
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jupyter-notebook | — | Not affected | Not affected | Fixed | Not in release |