CVE-2018-19352: Jupyter Notebook XSS via directory name
(updated )
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.
References
- github.com/advisories/GHSA-3p4q-x8f3-p7vq
- github.com/jupyter/notebook
- github.com/jupyter/notebook/blob/master/docs/source/changelog.rst
- github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648
- github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2018-18.yaml
- nvd.nist.gov/vuln/detail/CVE-2018-19352
- pypi.org/project/notebook/
Detect and mitigate CVE-2018-19352 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →