CVE-2026-42557
- EPSS 0.08%
- Published 13.05.2026 15:06:14
- Last modified 13.05.2026 16:32:31
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button el...
CVE-2026-40171
- EPSS 0.13%
- Published 06.05.2026 19:36:32
- Last modified 07.05.2026 15:07:32
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the...
CVE-2024-43805
- EPSS 0.43%
- Published 28.08.2024 20:15:07
- Last modified 30.08.2024 15:56:16
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using...
CVE-2024-22421
- EPSS 0.14%
- Published 19.01.2024 21:15:09
- Last modified 21.11.2024 08:56:15
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a th...
CVE-2024-22420
- EPSS 0.34%
- Published 19.01.2024 21:15:09
- Last modified 21.11.2024 08:56:15
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. ...
CVE-2022-29238
- EPSS 0.51%
- Published 14.06.2022 18:15:08
- Last modified 21.11.2024 06:58:46
Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directori...
CVE-2022-24758
- EPSS 0.49%
- Published 31.03.2022 23:15:07
- Last modified 21.11.2024 06:51:01
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header valu...
CVE-2021-32798
- EPSS 0.17%
- Published 09.08.2021 21:15:08
- Last modified 21.11.2024 06:07:45
The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja byp...
CVE-2020-26215
- EPSS 0.77%
- Published 18.11.2020 22:15:11
- Last modified 21.11.2024 05:19:32
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously cra...
CVE-2018-21030
- EPSS 0.37%
- Published 31.10.2019 15:15:10
- Last modified 21.11.2024 04:02:44
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.