notebook@4.2.1 vulnerabilities

Jupyter Notebook - A web-based notebook environment for interactive computing

- latest version: 7.2.2
- latest non vulnerable version:
- first published: 9 years ago
- latest version published: 3 months ago
- licenses detected: [0.0.0,7.0.0a5)
Direct Vulnerabilities

Known vulnerabilities in the notebook package. This does not include vulnerabilities belonging to this package's dependencies.

notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text.

Vulnerability | Vulnerable Version | How to fix
---|---|---
Access Restriction Bypass. When a fully authenticated request is sent to the notebook server which is configured with | [,6.4.12) | Upgrade
Information Exposure. Sensitive authentication cookies and other header values are stored in the server logs by default whenever an HTTP 5XX error is triggered. | [,6.4.10) | Upgrade
Cross-site Request Forgery (CSRF). HTML forms in Firefox do not send an Origin header, so it is possible to submit a POST request with an empty body that triggers certain actions, such as starting a kernel, bypassing the existing origin checks. | [,4.3.1) | Upgrade
Arbitrary Code Execution. An untrusted notebook can execute code on load due to a failure to sanitize special elements into a different plane. | [,5.7.11) and [6.0.0,6.4.1) | Upgrade
Open Redirect. It is possible to maliciously craft links, though such links can only be reasonably made for known notebook server hosts. This could be used to redirect to a spoofed server on the public internet. | [,6.1.5) | Upgrade
Cross-site Scripting (XSS). The server does not use a CSP header to treat served files as belonging to a separate origin; thus, for example, an XSS payload can be placed in an SVG document. | [,5.5.0) | Upgrade
Remote Code Execution. A maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous. | [,5.4.1) | Upgrade
Open Redirect via an empty | [,5.7.8) | Upgrade
Cross-site Scripting (XSS). Crafted links to the login page will redirect to a malicious site after successful login. Servers running on a | [,5.7.7) | Upgrade
Cross-site Inclusion. The package allows inclusion of resources on malicious pages when visited by users who are authenticated via a Jupyter server. | [,5.7.6) | Upgrade
Cross-site Scripting (XSS) via a crafted directory name because | [,5.7.2) | Upgrade
Cross-site Scripting (XSS) via an untrusted notebook because | [,5.7.1) | Upgrade
Cross-site Request Forgery (CSRF) due to improper validation of the CSRF token. A malicious user may be able to spawn new kernels and create empty, untitled files on the user's notebook server. Note: this affects users of Firefox or Microsoft (IE, Edge) browsers, and any other browsers that do not set the Origin header on cross-site forms. WebKit and Blink based browsers like Safari and Chrome are not affected. | [,4.3.1) |
Arbitrary Code Execution. | [,4.2.2) |