The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade Wolfi py3-jupyterlab to version 4.6.1-r1 or higher.
Note: Versions mentioned in the description apply only to the upstream py3-jupyterlab package and not the py3-jupyterlab package as distributed by Wolfi.
See How to fix? for Wolfi relevant fixed versions and status.
vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function (not part of the public API) could be used to run unintentional javascript (XSS). This issue is fixed in vega-functions 6.1.1. There is no workaround besides upgrading. Using vega.expressionInterpreter as described in CSP safe mode does not prevent this issue.