ipywidgets@5.0.0 vulnerabilities

Jupyter interactive widgets

Direct Vulnerabilities

Known vulnerabilities in the ipywidgets package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
Arbitrary Code Execution

Affected versions of this package are vulnerable to Arbitrary Code Execution via the widget snapshotting feature that enables javascript code execution upon loading and saving a Jupyter Notebook.

Note:

This issue specifically affects ipywidgets when used with the Jupyter Notebook.

How to fix Arbitrary Code Execution?

Upgrade ipywidgets to version 5.2.0 or higher.

[5.0.0,5.2.0)
  • M
Arbitrary Code Execution

ipywidgets is HTML widgets for Jupyter.

Affected versions of this package are vulnerable to Arbitrary Code Execution. A widget snapshotting feature was introduced in ipywidgets 5.0.0 allowed execution of javascript code upon on loading and saving of a notebook.

Note: This only affects ipywidgets in conjunction with the Jupyter Notebook.

[5.0.0,5.1.5)