N/A

Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new organization by which additional users can be added for various collaboration abilities, which allows malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. Upon creating a new notebook with specially crafted malicious code, a user can then launch remote code execution.

N/A

N/A

Zepl Notebook 安全漏洞

Zepl Notebook是美国Zepl公司的一个提供交互数据分析且基于 Web 的笔记本。用于做出可数据驱动的、可交互且可协作的精美文档。 Zepl Notebook 存在安全漏洞，攻击者利用该漏洞执行远程代码。

N/A

N/A