Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) @jupyterlab/apputils-extension is a JupyterLab - Application Utilities Extension Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the handling of `data-commandlinker-command` and `data-commandlinker-args` attributes in HTML content. An attacker can execute arbitrary commands, including code execution, file deletion, or denial of service by convincing a user to click a crafted button or link embedded in notebook or Markdown files. This can be achieved through shared files or links, and may result in information loss or server disruption. In some cases, multiple clicks and granting clipboard or keyboard access can allow further compromise, such as terminal access and command execution. How to fix Cross-site Scripting (XSS)? Upgrade `@jupyterlab/apputils-extension` to version 4.5.7, 4.6.0-alpha.5 or higher.	<4.5.7>=4.6.0-alpha.0 <4.6.0-alpha.5

Cross-site Scripting (XSS)

@jupyterlab/apputils-extension is a JupyterLab - Application Utilities Extension

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute arbitrary commands, including code execution, file deletion, or denial of service by convincing a user to click a crafted button or link embedded in notebook or Markdown files. This can be achieved through shared files or links, and may result in information loss or server disruption. In some cases, multiple clicks and granting clipboard or keyboard access can allow further compromise, such as terminal access and command execution.

How to fix Cross-site Scripting (XSS)?

Upgrade @jupyterlab/apputils-extension to version 4.5.7, 4.6.0-alpha.5 or higher.

<4.5.7>=4.6.0-alpha.0 <4.6.0-alpha.5

Go back to all versions of this package