CVE-2021-32797: JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
(updated )
Untrusted notebook can execute code on load. This is a remote code execution, but requires user action to open a notebook.
References
- github.com/advisories/GHSA-4952-p58q-6crx
- github.com/google/security-research/security/advisories/GHSA-c469-p3jp-2vhx
- github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed
- github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx
- github.com/pypa/advisory-database/tree/main/vulns/jupyterlab/PYSEC-2021-130.yaml
- nvd.nist.gov/vuln/detail/CVE-2021-32797
Code Behaviors & Features
Detect and mitigate CVE-2021-32797 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →