GHSA-gj55-2xf9-67rq: HTML injection in JupyterLite leading to DOM Clobbering
The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.
A malicious user can access any data accessible from JupyterLite and perform arbitrary actions in JupyterLite environment.
References
Detect and mitigate GHSA-gj55-2xf9-67rq with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →