ALT-PU-2022-7489-1
Package python3-module-nbconvert updated to version 7.2.6-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Published: 2022-08-18
Modified: 2024-11-21
CVE-2021-32862
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML, which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (e.g. nbviewer).
Severity: MEDIUM (5.4)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References:
- https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq
- https://github.com/jupyter/nbviewer/security/advisories/GHSA-h274-fcvj-h2wm
- [debian-lts-announce] 20230603 [SECURITY] [DLA 3442-1] nbconvert security update
- https://lists.debian.org/debian-lts-announce/2024/09/msg00004.html