CVE-2015-7337 – notebook

Package

Manager: pip
Name: notebook
Vulnerable Version: >=4.0.0 <4.0.5

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00775 pctl0.72725

Details

Improper Input Validation in Jupyter Notebook The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.

Metadata

Created: 2022-05-17T03:25:49Z
Modified: 2024-09-20T21:54:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-92mr-v722-f48m/GHSA-92mr-v722-f48m.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-92mr-v722-f48m
Finding: F184
Auto approve: 1