CNNVD-202512-3194 Information

CNNVD ID

CNNVD-202512-3194

CVE-2025-53000

  • CNNVD Published: 2025-12-17

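Description (Chinese, translated)

nbconvert is a format conversion library from the Jupyter organization. It converts Jupyter .ipynb notebook document files to another static format, including HTML, LaTeX, PDF, Markdown and others. nbconvert 7.16.6 and earlier versions contain a code issue vulnerability, which stems from improper handling when converting notebooks containing SVG output to PDF and may lead to unauthorized code execution.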

Description (English)

nbconvert is a format conversion library for Jupyter. It converts Jupyter .ipynb notebook document files to another static format, including HTML, LaTeX, PDF, Markdown, etc. nbconvert 7.16.6 and earlier versions have a code issue vulnerability, which stems from improper handling of the conversion of notebooks containing SVG output to PDF and could lead to unauthorized code execution.

Hazard Level

Medium

Vulnerability Type

Code issue

Affected Vendor

Jupyter

Published

2025-12-17

Last Modified

2026-02-24

References

  • https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71
  • https://www.imperva.com/blog/code-execution-in-jupyter-notebook-exports
  • https://github.com/jupyter/nbconvert/releases/tag/v7.17.0
  • https://github.com/jupyter/nbconvert/blob/4f61702f5c7524d8a3c4ac0d5fc33a6ac2fa36a7/nbconvert/preprocessors/svg2pdf.py#L104
  • https://github.com/jupyter/nbconvert/issues/2258
