logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2024-43805 notebook

Package

Manager: pip
Name: notebook
Vulnerable Version: >=7.0.0 <7.2.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00259 pctl0.49054

Details

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering ### Impact The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. ### Patches JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2 were patched. ### Workarounds There is no workaround for the underlying DOM Clobbering susceptibility. However, select plugins can be disabled on deployments which cannot update in a timely fashion to minimise the risk. These are: - `@jupyterlab/mathjax-extension:plugin` - users will loose ability to preview mathematical equations - `@jupyterlab/markdownviewer-extension:plugin` - users will loose ability to open Markdown previews - `@jupyterlab/mathjax2-extension:plugin` (if installed with optional `jupyterlab-mathjax2` package) - an older version of the mathjax plugin for JupyterLab 4.x To disable these extensions run: ```bash jupyter labextension disable @jupyterlab/markdownviewer-extension:plugin jupyter labextension disable @jupyterlab/mathjax-extension:plugin jupyter labextension disable @jupyterlab/mathjax2-extension:plugin ``` To confirm that the plugins were disabled run: ```bash jupyter labextension list ``` ### References None ### Notes This change has a potential to break rendering of some markdown. There is a setting in Sanitizer which allows to revert to the previous sanitizer settings (`allowNamedProperties`).

Metadata

Created: 2024-08-29T17:55:53Z
Modified: 2024-08-29T17:55:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-9q39-rmj3-p4r2/GHSA-9q39-rmj3-p4r2.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-9q39-rmj3-p4r2
Finding: F008
Auto approve: 1