Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Jupyter Notebook 跨站脚本漏洞
Vulnerability Description
Jupyter Notebook是一套用于创建、共享代码和说明性文本文档的开源Web应用程序。 Jupyter Notebook 5.7.1之前版本中存在跨站脚本漏洞,该漏洞源于在notebook/nbconvert/handlers.py文件中,NbconvertFileHandler和NbconvertPostHandler没有设置内容安全策略。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A