
Search CVE reports



1 – 10 of 16 results


CVE-2024-43805

Medium priority
Needs evaluation

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or...

2 affected packages

jupyter-notebook, jupyterlab

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jupyter-notebook Needs evaluation Needs evaluation Needs evaluation Needs evaluation
jupyterlab Not in release Not in release Not in release

CVE-2024-22421

Medium priority
Needs evaluation

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken`...

1 affected package

jupyter-notebook

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jupyter-notebook Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release

CVE-2024-22420

Medium priority
Not affected

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using...

1 affected package

jupyter-notebook

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jupyter-notebook Not affected Not affected Not affected Not in release

CVE-2023-35394

Medium priority
Needs evaluation

Azure HDInsight Jupyter Notebook Spoofing Vulnerability

3 affected packages

jupyter-core, jupyter-notebook, notebook

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jupyter-core Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
jupyter-notebook Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
notebook Not in release Not in release Not in release Needs evaluation Needs evaluation

CVE-2022-25887

Medium priority
Needs evaluation

The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.

2 affected packages

jupyter-notebook, node-sanitize-html

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jupyter-notebook Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
node-sanitize-html Needs evaluation Needs evaluation Not in release Not in release Not in release

CVE-2022-29238

Medium priority

Some fixes available 2 of 5

Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents...

1 affected package

jupyter-notebook

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jupyter-notebook Fixed Fixed Not affected

CVE-2022-24758

Medium priority

Some fixes available 3 of 6

The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie...

1 affected package

jupyter-notebook

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jupyter-notebook Fixed Fixed Fixed Ignored

CVE-2021-32798

Medium priority
Needs evaluation

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions, an untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user...

1 affected package

jupyter-notebook

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jupyter-notebook Not affected Not affected Needs evaluation Needs evaluation Ignored

CVE-2020-26215

Medium priority

Some fixes available 2 of 3

Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however,...

1 affected package

jupyter-notebook

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jupyter-notebook Not affected Fixed Fixed Not in release

CVE-2018-21030

Medium priority
Fixed

Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.

1 affected package

jupyter-notebook

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jupyter-notebook Not affected Not affected Fixed Not in release