CVE-2021-32798 — Cross-site Scripting in Notebook

CWE-79 — Cross-site Scripting CWE-75 — Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)9 documents6 sources

Severity

9.6CRITICALNVD

CNA10.0

EPSS

0.2%

top 54.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jupyter Notebook

Timeline

PublishedAug 9

Latest updateJun 30

Description

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to execute arbitrary code on the victim computer using Jupyter APIs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages3 packages

▶CVEListV5jupyter/notebook< 5.7.11+1

▶NVDjupyter/notebook5.7.0 — 5.7.11+1

▶PyPIjupyter/notebook6.0.0 — 6.4.1+1

🔴Vulnerability Details

GHSA

Jupyter server Token bruteforcing↗2022-06-16

▶

OSV

Jupyter server Token bruteforcing↗2022-06-16

▶

OSV

Special Element Injection in notebook↗2021-08-23

▶

GHSA

Special Element Injection in notebook↗2021-08-23

▶

CVEList

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in notebook↗2021-08-09

▶

📋Vendor Advisories

Debian

CVE-2021-32798: jupyter-notebook - The Jupyter notebook is a web-based notebook environment for interactive computi...↗2021

▶

📄Research Papers

arXiv

Threat Assessment in Machine Learning based Systems↗2022-06-30

▶