Vulnerability	Vulnerable Version
H Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An attacker can inject arbitrary HTML when generating HTML from a crafted notebook. The vulnerable points are: the field `notebook.metadata.language_info.pygments_lexer` the nodes `notebook.metadata.title` `notebook.metadata.widgets` `notebook.cell.metadata.tags` `notebook.cell.output.svg_filename` `output.metadata.filenames` `cell.output.metadata.width` `cell.output.metadata.height` and output data of the cells `text/html` `image/svg+xml` `text/markdown` `application/javascript` `cell.output.data["images/png"]` `cell.output.data["images/jpeg"]` `output.metadata.filenames['image/png']` `output.metadata.filenames['image/jpeg']` `application/vnd.jupyter.widget-state+json` `application/vnd.jupyter.widget-view+json` `raw` type `markdown` type How to fix Cross-site Scripting (XSS)? Upgrade `nbconvert` to version 6.3.0b0 or higher.	[,6.3.0b0)

Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An attacker can inject arbitrary HTML when generating HTML from a crafted notebook. The vulnerable points are:

the field

notebook.metadata.language_info.pygments_lexer

the nodes

notebook.metadata.title
notebook.metadata.widgets
notebook.cell.metadata.tags
notebook.cell.output.svg_filename
output.metadata.filenames
cell.output.metadata.width
cell.output.metadata.height

and output data of the cells

text/html
image/svg+xml
text/markdown
application/javascript
cell.output.data["images/png"]
cell.output.data["images/jpeg"]
output.metadata.filenames['image/png']
output.metadata.filenames['image/jpeg']
application/vnd.jupyter.widget-state+json
application/vnd.jupyter.widget-view+json
raw type
markdown type

How to fix Cross-site Scripting (XSS)?

Upgrade nbconvert to version 6.3.0b0 or higher.

[,6.3.0b0)

Go back to all versions of this package