CVE-2018-8768 Information

Description

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://openwall.com/lists/oss-security/2018/03/15/2

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.8

Base Severity

HIGH