Cross-site scripting in Jupyter Notebook
Moderate severity • GitHub Reviewed
Published Nov 8, 2019 to the GitHub Advisory Database • Updated Feb 1, 2023
Published by the National Vulnerability Database: Oct 31, 2019
Reviewed: Nov 7, 2019
Published to the GitHub Advisory Database: Nov 8, 2019
Last updated: Feb 1, 2023
Description
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.
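A check for the missing control, as an added example that is not code from this advisory or from Jupyter: it tests whether a file-serving response carries an enforced CSP that places the document in a separate origin. It assumes the separation is done with the CSP `sandbox` directive (which yields an opaque origin unless `allow-same-origin` is present); the function names and header values are constructed for illustration.

```python
# Added example (not Jupyter's code). Assumption: origin separation is
# provided by the CSP `sandbox` directive without `allow-same-origin`.

def parse_csp(policy):
    """Parse one serialized policy into {directive: [lowercased values]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # A repeated directive is ignored by CSP; the first occurrence wins.
        directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return directives


def isolates_origin(headers):
    """True if an enforced policy sandboxes the response into an opaque origin."""
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue  # e.g. the Report-Only variant enforces nothing
        # One header field may carry several comma-separated policies.
        for policy in value.split(","):
            d = parse_csp(policy)
            if "sandbox" in d and "allow-same-origin" not in d["sandbox"]:
                return True
    return False


# Constructed sample responses for a served SVG file.
NO_CSP = [("Content-Type", "image/svg+xml")]
FRAME_ONLY = NO_CSP + [("Content-Security-Policy", "frame-ancestors 'self'")]
SANDBOXED = NO_CSP + [
    ("Content-Security-Policy", "frame-ancestors 'self'; sandbox allow-scripts")
]
SAME_ORIGIN = NO_CSP + [
    ("content-security-policy", "sandbox allow-scripts Allow-Same-Origin")
]
REPORT_ONLY = NO_CSP + [("Content-Security-Policy-Report-Only", "sandbox")]

if __name__ == "__main__":
    for label, hdrs in [("no CSP", NO_CSP), ("frame-ancestors only", FRAME_ONLY),
                        ("sandbox", SANDBOXED), ("sandbox + same-origin", SAME_ORIGIN),
                        ("report-only", REPORT_ONLY)]:
        print(f"{label:24} isolated={isolates_origin(hdrs)}")
```

Only the `sandbox` sample reports the file as isolated; a policy that merely restricts framing, re-grants `allow-same-origin`, or is report-only leaves script in the SVG running in the notebook server's own origin.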