CVE-2018-21030: Improper Restriction of Rendered UI Layers or Frames
Jupyter Notebook does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.
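As an added example (not code from the Jupyter project or from this advisory), the following Python check parses a response's `Content-Security-Policy` header and reports whether a `sandbox` directive without `allow-same-origin` places the served file in its own opaque origin. The header values are constructed samples, and `parse_csp` and `csp_isolates_origin` are hypothetical helper names.

```python
"""Check whether response headers put a served file in its own (opaque) origin."""


def parse_csp(value):
    """Split one Content-Security-Policy value into a list of policies.

    Each policy is a dict of lowercased directive name -> list of tokens.
    Per the CSP spec, a repeated directive inside one policy is ignored.
    """
    policies = []
    for raw_policy in value.split(","):
        directives = {}
        for raw_directive in raw_policy.split(";"):
            tokens = raw_directive.split()
            if not tokens:
                continue
            # setdefault keeps the first occurrence of a directive name.
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
        if directives:
            policies.append(directives)
    return policies


def csp_isolates_origin(headers):
    """Return True if an enforced policy sandboxes the response without
    'allow-same-origin', so scripts in it run in an opaque origin."""
    for name, value in headers:
        # Report-only policies never apply the sandbox directive.
        if name.lower() != "content-security-policy":
            continue
        for policy in parse_csp(value):
            flags = policy.get("sandbox")
            if flags is not None and "allow-same-origin" not in flags:
                return True
    return False


# Constructed sample responses for a user-supplied SVG file.
NO_CSP = [("Content-Type", "image/svg+xml")]
SANDBOXED = NO_CSP + [("Content-Security-Policy", "sandbox allow-scripts")]
SAME_ORIGIN = NO_CSP + [("Content-Security-Policy", "sandbox allow-scripts allow-same-origin")]
REPORT_ONLY = NO_CSP + [("Content-Security-Policy-Report-Only", "sandbox")]

if __name__ == "__main__":
    for label, hdrs in [("no CSP", NO_CSP), ("sandbox", SANDBOXED),
                        ("sandbox + allow-same-origin", SAME_ORIGIN),
                        ("report-only", REPORT_ONLY)]:
        print(f"{label}: isolated={csp_isolates_origin(hdrs)}")
```

Only the `sandbox` case reports the file as isolated; a missing header, a report-only policy, or `allow-same-origin` all leave the file in the serving origin.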