cvelistv5 - cve-2021-32797

CVE-2021-32797 (GCVE-0-2021-32797)

Vulnerability from cvelistv5 – Published: 2021-08-09 20:45 – Updated: 2024-08-03 23:33

Summary

JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html `<form>`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/jupyterlab/jupyterlab/security…	x_refsource_CONFIRM
	https://github.com/jupyterlab/jupyterlab/commit/5…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	jupyterlab	jupyterlab	Affected: >= 3.1.0, < 3.1.4 Affected: >= 3.0.0, < 3.0.17 Affected: >= 2.3.0, < 2.3.2 Affected: >= 2.0.0, < 2.2.10 Affected: < 1.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:33:56.163Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jupyterlab",
          "vendor": "jupyterlab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.1.0, \u003c 3.1.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.0.17"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.3.0, \u003c 2.3.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.2.10"
            },
            {
              "status": "affected",
              "version": "\u003c 1.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn\u2019t sanitize the action attribute of html `\u003cform\u003e`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-09T20:45:10",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed"
        }
      ],
      "source": {
        "advisory": "GHSA-4952-p58q-6crx",
        "discovery": "UNKNOWN"
      },
      "title": "JupyterLab: XSS due to lack of sanitization of the action attribute of an html \u003cform\u003e",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-32797",
          "STATE": "PUBLIC",
          "TITLE": "JupyterLab: XSS due to lack of sanitization of the action attribute of an html \u003cform\u003e"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "jupyterlab",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 3.1.0, \u003c 3.1.4"
                          },
                          {
                            "version_value": "\u003e= 3.0.0, \u003c 3.0.17"
                          },
                          {
                            "version_value": "\u003e= 2.3.0, \u003c 2.3.2"
                          },
                          {
                            "version_value": "\u003e= 2.0.0, \u003c 2.2.10"
                          },
                          {
                            "version_value": "\u003c 1.2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "jupyterlab"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn\u2019t sanitize the action attribute of html `\u003cform\u003e`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx",
              "refsource": "CONFIRM",
              "url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx"
            },
            {
              "name": "https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed",
              "refsource": "MISC",
              "url": "https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-4952-p58q-6crx",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-32797",
    "datePublished": "2021-08-09T20:45:10",
    "dateReserved": "2021-05-12T00:00:00",
    "dateUpdated": "2024-08-03T23:33:56.163Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.2.21\", \"matchCriteriaId\": \"9F55BD7C-58C2-4138-BA4E-29955AAB4BC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndExcluding\": \"2.2.10\", \"matchCriteriaId\": \"8592C189-B3B5-4CA7-B307-3FAD881C1AA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.3.0\", \"versionEndExcluding\": \"2.3.2\", \"matchCriteriaId\": \"7B6DC37D-4F40-4405-9912-C1BB5F30B866\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndExcluding\": \"3.0.17\", \"matchCriteriaId\": \"F53B6289-7C90-493D-9115-9C9A2C5B9C55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.1.0\", \"versionEndExcluding\": \"3.1.4\", \"matchCriteriaId\": \"9C66C0CF-ECC1-4578-92EC-E883BF9A9E53\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn\\u2019t sanitize the action attribute of html `\u003cform\u003e`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.\"}, {\"lang\": \"es\", \"value\": \"JupyterLab, es una interfaz de usuario para el Proyecto Jupyter que eventualmente reemplazar\\u00e1 al cl\\u00e1sico Jupyter Notebook. En las versiones afectadas del notebook no confiable puede ejecutar c\\u00f3digo en la carga. En particular, JupyterLab no sanea el atributo action del html \\\"(form)\\\". Usando esto es posible desencadenar la comprobaci\\u00f3n del formulario fuera del propio formulario. Esto es una ejecuci\\u00f3n de c\\u00f3digo remota , pero requiere la acci\\u00f3n del usuario para abrir un notebook\"}]",
      "id": "CVE-2021-32797",
      "lastModified": "2024-11-21T06:07:45.790",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 9.6, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2021-08-09T21:15:08.140",
      "references": "[{\"url\": \"https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-32797\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-08-09T21:15:08.140\",\"lastModified\":\"2024-11-21T06:07:45.790\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn\u2019t sanitize the action attribute of html `\u003cform\u003e`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.\"},{\"lang\":\"es\",\"value\":\"JupyterLab, es una interfaz de usuario para el Proyecto Jupyter que eventualmente reemplazar\u00e1 al cl\u00e1sico Jupyter Notebook. En las versiones afectadas del notebook no confiable puede ejecutar c\u00f3digo en la carga. En particular, JupyterLab no sanea el atributo action del html \\\"(form)\\\". Usando esto es posible desencadenar la comprobaci\u00f3n del formulario fuera del propio formulario. Esto es una ejecuci\u00f3n de c\u00f3digo remota , pero requiere la acci\u00f3n del usuario para abrir un notebook\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.21\",\"matchCriteriaId\":\"9F55BD7C-58C2-4138-BA4E-29955AAB4BC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.2.10\",\"matchCriteriaId\":\"8592C189-B3B5-4CA7-B307-3FAD881C1AA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndExcluding\":\"2.3.2\",\"matchCriteriaId\":\"7B6DC37D-4F40-4405-9912-C1BB5F30B866\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.17\",\"matchCriteriaId\":\"F53B6289-7C90-493D-9115-9C9A2C5B9C55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.0\",\"versionEndExcluding\":\"3.1.4\",\"matchCriteriaId\":\"9C66C0CF-ECC1-4578-92EC-E883BF9A9E53\"}]}]}],\"references\":[{\"url\":\"https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

GSD-2021-32797

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-32797

Aliases

CVE-2021-32797

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-32797",
    "description": "JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn\u2019t sanitize the action attribute of html `\u003cform\u003e`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.",
    "id": "GSD-2021-32797",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-32797.html",
      "https://security.archlinux.org/CVE-2021-32797",
      "https://advisories.mageia.org/CVE-2021-32797.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-32797"
      ],
      "details": "JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn\u2019t sanitize the action attribute of html `\u003cform\u003e`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.",
      "id": "GSD-2021-32797",
      "modified": "2023-12-13T01:23:09.134020Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-32797",
        "STATE": "PUBLIC",
        "TITLE": "JupyterLab: XSS due to lack of sanitization of the action attribute of an html \u003cform\u003e"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "jupyterlab",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003e= 3.1.0, \u003c 3.1.4"
                        },
                        {
                          "version_value": "\u003e= 3.0.0, \u003c 3.0.17"
                        },
                        {
                          "version_value": "\u003e= 2.3.0, \u003c 2.3.2"
                        },
                        {
                          "version_value": "\u003e= 2.0.0, \u003c 2.2.10"
                        },
                        {
                          "version_value": "\u003c 1.2.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "jupyterlab"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn\u2019t sanitize the action attribute of html `\u003cform\u003e`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx",
            "refsource": "CONFIRM",
            "url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx"
          },
          {
            "name": "https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed",
            "refsource": "MISC",
            "url": "https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-4952-p58q-6crx",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.2.21||\u003e=2.0.0,\u003c2.2.10||\u003e=2.3.0,\u003c2.3.2||\u003e=3.0.0,\u003c3.0.17||\u003e=3.1.0,\u003c3.1.4",
          "affected_versions": "All versions before 1.2.21, all versions starting from 2.0.0 before 2.2.10, all versions starting from 2.3.0 before 2.3.2, all versions starting from 3.0.0 before 3.0.17, all versions starting from 3.1.0 before 3.1.4",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2022-04-07",
          "description": "JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. JupyterLab doesn\u2019t sanitize the action attribute of html `\u003cform\u003e`. Using this, it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.",
          "fixed_versions": [
            "1.2.21",
            "2.2.10",
            "2.3.2",
            "3.0.17",
            "3.1.4"
          ],
          "identifier": "CVE-2021-32797",
          "identifiers": [
            "CVE-2021-32797",
            "GHSA-4952-p58q-6crx"
          ],
          "not_impacted": "All versions starting from 1.2.21 before 2.0.0, all versions starting from 2.2.10 before 2.3.0, all versions starting from 2.3.2 before 3.0.0, all versions starting from 3.0.17 before 3.1.0, all versions starting from 3.1.4",
          "package_slug": "pypi/jupyterlab",
          "pubdate": "2021-08-09",
          "solution": "Upgrade to versions 1.2.21, 2.2.10, 2.3.2, 3.0.17, 3.1.4 or above.",
          "title": "Cross-site Scripting",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-32797"
          ],
          "uuid": "2d674e0d-fc66-4a82-a8c1-6fc38b8b27c3"
        },
        {
          "affected_range": "\u003c5.7.11||\u003e=6.0.0,\u003c6.4.1",
          "affected_versions": "All versions before 5.7.11, all versions starting from 6.0.0 before 6.4.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2021-10-20",
          "description": "JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn\u2019t sanitize the action attribute of html `\u003cform\u003e`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.",
          "fixed_versions": [
            "5.7.11",
            "6.4.1"
          ],
          "identifier": "CVE-2021-32797",
          "identifiers": [
            "GHSA-4952-p58q-6crx",
            "CVE-2021-32797"
          ],
          "not_impacted": "All versions starting from 5.7.11 before 6.0.0, all versions starting from 6.4.1",
          "package_slug": "pypi/notebook",
          "pubdate": "2021-08-23",
          "solution": "Upgrade to versions 5.7.11, 6.4.1 or above.",
          "title": "Improper Neutralization of Input During Web Page Generation ",
          "urls": [
            "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-32797",
            "https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed",
            "https://github.com/google/security-research/security/advisories/GHSA-c469-p3jp-2vhx",
            "https://github.com/advisories/GHSA-4952-p58q-6crx"
          ],
          "uuid": "4a389301-09e0-41c0-8053-63c6803e4052"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.2.21",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.2.10",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3.2",
                "versionStartIncluding": "2.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.0.17",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.1.4",
                "versionStartIncluding": "3.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-32797"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn\u2019t sanitize the action attribute of html `\u003cform\u003e`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed"
            },
            {
              "name": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2022-04-07T18:40Z",
      "publishedDate": "2021-08-09T21:15Z"
    }
  }
}

GHSA-4952-P58Q-6CRX

Vulnerability from github – Published: 2021-08-23 19:40 – Updated: 2024-11-18 16:26

Summary

JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>

Details

Impact

Untrusted notebook can execute code on load. This is a remote code execution, but requires user action to open a notebook.

Patches

Patched in the following versions: 3.1.4, 3.0.17, 2.3.2, 2.2.10, 1.2.21.

References

OWASP Page on Restricting Form Submissions

For more information

If you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list security@ipython.org.

Credit: Guillaume Jeanne from Google

Severity ?

7.4 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

6.3 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyterlab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyterlab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0a0"
            },
            {
              "fixed": "2.2.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyterlab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0a0"
            },
            {
              "fixed": "2.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyterlab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0a0"
            },
            {
              "fixed": "3.0.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyterlab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0a0"
            },
            {
              "fixed": "3.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "notebook"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.7.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "notebook"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-32797"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-75",
      "CWE-79",
      "CWE-87"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-23T16:41:37Z",
    "nvd_published_at": "2021-08-09T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nUntrusted notebook can execute code on load. This is a remote code execution, but requires user action to open a notebook.\n\n### Patches\n\nPatched in the following versions: 3.1.4, 3.0.17, 2.3.2, 2.2.10, 1.2.21.\n\n### References\n\n[OWASP Page on Restricting Form Submissions](https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html)\n\n### For more information\n\nIf you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list security@ipython.org.\n\nCredit: Guillaume Jeanne from Google\n",
  "id": "GHSA-4952-p58q-6crx",
  "modified": "2024-11-18T16:26:15Z",
  "published": "2021-08-23T19:40:22Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/google/security-research/security/advisories/GHSA-c469-p3jp-2vhx"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32797"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/jupyterlab/PYSEC-2021-130.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "JupyterLab: XSS due to lack of sanitization of the action attribute of an html \u003cform\u003e"
}

PYSEC-2021-130

Vulnerability from pysec - Published: 2021-08-09 21:15 - Updated: 2021-08-27 03:22

Details

JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html <form>. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.

Impacted products

Name	purl
jupyterlab	pkg:pypi/jupyterlab

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyterlab",
        "purl": "pkg:pypi/jupyterlab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "504825938c0abfa2fb8ff8d529308830a5ae42ed"
            }
          ],
          "repo": "https://github.com/jupyterlab/jupyterlab",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.21"
            },
            {
              "introduced": "2"
            },
            {
              "fixed": "2.2.10"
            },
            {
              "introduced": "2.3"
            },
            {
              "fixed": "2.3.2"
            },
            {
              "introduced": "3"
            },
            {
              "fixed": "3.0.17"
            },
            {
              "introduced": "3.1"
            },
            {
              "fixed": "3.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.0.1",
        "0.0.10",
        "0.0.13",
        "0.0.2",
        "0.0.3",
        "0.0.4",
        "0.0.5",
        "0.0.6",
        "0.0.7",
        "0.0.8",
        "0.0.9",
        "0.1.1",
        "0.1.2",
        "0.10.0",
        "0.11.0",
        "0.11.1",
        "0.11.2",
        "0.11.3",
        "0.12.0",
        "0.12.1",
        "0.13.0",
        "0.13.1",
        "0.13.2",
        "0.14.0",
        "0.15.0",
        "0.15.1",
        "0.16.0",
        "0.16.2",
        "0.17.0",
        "0.17.1",
        "0.17.2",
        "0.17.4",
        "0.17.5",
        "0.18.0",
        "0.18.0.dev1",
        "0.18.1",
        "0.19.0",
        "0.2.0",
        "0.20.0",
        "0.20.0rc1",
        "0.20.1",
        "0.20.2",
        "0.20.3",
        "0.20.4",
        "0.21.0",
        "0.21.0rc1",
        "0.21.0rc2",
        "0.21.0rc3",
        "0.21.0rc4",
        "0.21.0rc5",
        "0.22.0",
        "0.22.0rc0",
        "0.22.1",
        "0.23.0",
        "0.23.0rc0",
        "0.23.0rc1",
        "0.23.1",
        "0.23.2",
        "0.24.0",
        "0.24.0rc0",
        "0.24.0rc1",
        "0.24.0rc2",
        "0.24.1",
        "0.25.0",
        "0.25.0rc0",
        "0.25.0rc1",
        "0.25.1",
        "0.25.2",
        "0.25.2rc0",
        "0.26.0",
        "0.26.0rc0",
        "0.26.0rc1",
        "0.26.1",
        "0.26.2",
        "0.26.3",
        "0.26.4",
        "0.26.5",
        "0.27.0",
        "0.27.0rc0",
        "0.27.0rc1",
        "0.27.0rc2",
        "0.27.0rc3",
        "0.27.0rc4",
        "0.27.0rc5",
        "0.27.1",
        "0.27.2",
        "0.28.0",
        "0.28.0rc0",
        "0.28.0rc1",
        "0.28.0rc2",
        "0.28.0rc3",
        "0.28.1",
        "0.28.10",
        "0.28.11",
        "0.28.12",
        "0.28.13",
        "0.28.14",
        "0.28.15",
        "0.28.2",
        "0.28.3",
        "0.28.4",
        "0.28.5",
        "0.28.6",
        "0.28.7",
        "0.28.8",
        "0.29.0",
        "0.29.0rc0",
        "0.29.1",
        "0.29.2",
        "0.3.0",
        "0.30.0",
        "0.30.0rc0",
        "0.30.0rc1",
        "0.30.1",
        "0.30.2",
        "0.30.3",
        "0.30.4",
        "0.30.5",
        "0.30.6",
        "0.31.0",
        "0.31.0rc0",
        "0.31.0rc1",
        "0.31.0rc2",
        "0.31.1",
        "0.31.10",
        "0.31.11",
        "0.31.12",
        "0.31.2",
        "0.31.3",
        "0.31.4",
        "0.31.5",
        "0.31.6",
        "0.31.7",
        "0.31.8",
        "0.31.9",
        "0.32.0",
        "0.32.0rc0",
        "0.32.0rc1",
        "0.32.1",
        "0.33.0",
        "0.33.0rc0",
        "0.33.0rc1",
        "0.33.1",
        "0.33.10",
        "0.33.11",
        "0.33.12",
        "0.33.2",
        "0.33.3",
        "0.33.4",
        "0.33.5",
        "0.33.6",
        "0.33.7",
        "0.33.8",
        "0.33.9",
        "0.34.0",
        "0.34.0rc0",
        "0.34.0rc1",
        "0.34.0rc2",
        "0.34.1",
        "0.34.10",
        "0.34.11",
        "0.34.12",
        "0.34.2",
        "0.34.3",
        "0.34.4",
        "0.34.5",
        "0.34.6",
        "0.34.7",
        "0.34.8",
        "0.34.9",
        "0.35.0",
        "0.35.0rc0",
        "0.35.0rc1",
        "0.35.0rc2",
        "0.35.1",
        "0.35.2",
        "0.35.3",
        "0.35.4",
        "0.35.5",
        "0.35.6",
        "0.4.0",
        "0.4.1",
        "0.5.0",
        "0.6.0",
        "0.7.0",
        "0.8.0",
        "0.9.0",
        "0.9.1",
        "1.0.0",
        "1.0.0a0",
        "1.0.0a1",
        "1.0.0a10",
        "1.0.0a2",
        "1.0.0a3",
        "1.0.0a4",
        "1.0.0a5",
        "1.0.0a6",
        "1.0.0a7",
        "1.0.0a8",
        "1.0.0a9",
        "1.0.0rc0",
        "1.0.0rc1",
        "1.0.1",
        "1.0.10",
        "1.0.2",
        "1.0.3",
        "1.0.4",
        "1.0.5",
        "1.0.6",
        "1.0.7",
        "1.0.9",
        "1.1.0",
        "1.1.0a0",
        "1.1.0a1",
        "1.1.0a2",
        "1.1.0rc0",
        "1.1.1",
        "1.1.2",
        "1.1.3",
        "1.1.4",
        "1.1.5",
        "1.2.0",
        "1.2.0a0",
        "1.2.0a1",
        "1.2.0a2",
        "1.2.0a3",
        "1.2.0rc0",
        "1.2.1",
        "1.2.10",
        "1.2.11",
        "1.2.12",
        "1.2.13",
        "1.2.14",
        "1.2.15",
        "1.2.16",
        "1.2.17",
        "1.2.18",
        "1.2.19",
        "1.2.2",
        "1.2.20",
        "1.2.3",
        "1.2.4",
        "1.2.5",
        "1.2.6",
        "1.2.7",
        "1.2.8",
        "1.2.9",
        "2.0.0",
        "2.0.1",
        "2.0.1rc0",
        "2.0.2",
        "2.1.0",
        "2.1.0a0",
        "2.1.0b0",
        "2.1.0rc0",
        "2.1.1",
        "2.1.2",
        "2.1.3",
        "2.1.4",
        "2.1.5",
        "2.2.0",
        "2.2.0a0",
        "2.2.0a1",
        "2.2.0rc1",
        "2.2.1",
        "2.2.2",
        "2.2.4",
        "2.2.5",
        "2.2.6",
        "2.2.7",
        "2.2.8",
        "2.2.9",
        "2.3.0",
        "2.3.1",
        "3.0.0",
        "3.0.1",
        "3.0.10",
        "3.0.11",
        "3.0.12",
        "3.0.13",
        "3.0.14",
        "3.0.15",
        "3.0.16",
        "3.0.2",
        "3.0.3",
        "3.0.4",
        "3.0.5",
        "3.0.6",
        "3.0.7",
        "3.0.8",
        "3.0.9",
        "3.1.0",
        "3.1.1",
        "3.1.2"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-32797",
    "GHSA-4952-p58q-6crx"
  ],
  "details": "JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn\u2019t sanitize the action attribute of html `\u003cform\u003e`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.",
  "id": "PYSEC-2021-130",
  "modified": "2021-08-27T03:22:05.377903Z",
  "published": "2021-08-09T21:15:00Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx"
    }
  ]
}

OPENSUSE-SU-2022:10075-1

Vulnerability from csaf_opensuse - Published: 2022-08-02 10:20 - Updated: 2022-08-02 10:20

Summary

Security update for python-jupyterlab

Notes

Title of the patch

Security update for python-jupyterlab

Description of the patch

This update for python-jupyterlab fixes the following issues: Update to 2.2.10: * Remove `form` tags' `action` attribute during sanitizing, to prevent an XSS (CVE-2021-32797) (boo#1196663) * Header ‘Content-Type’ should not be overwritten * Do not use token parameters in websocket urls * Properly handle errors in async browser_check * Cells can no longer be executed while kernels are terminating or restarting. There is a new status for these events on the Kernel Indicator * Add styling for high memory usage warning in status bar with nbresuse * Adds support for Python version 3.10 * Support live editing of SVG with updating rendering * Lazy load codemirror theme stylesheets * Add feature request template + slight reorg in readme * Add link to react example in extension-examples repo * Close correct tab with close tab * Remove unused css rules * Simplified multicursor backspace code * Fix recent breaking changes to normalizepath in filebrowser * Handle quit_button when launched as an extension * Add worker-loader * Fix icon sidebar height for third party extensions * Scrolls cells into view after deletion * Support Node.js 10+ * Select search text when focusing the search overlay * Throttle fetch requests in the setting registry’s data connector * Avoid redundant checkpoint calls on loading a notebook

Patchnames

openSUSE-2022-10075

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for python-jupyterlab",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for python-jupyterlab fixes the following issues:\n\nUpdate to 2.2.10:\n\n* Remove `form` tags\u0027 `action` attribute during sanitizing, to prevent an\n  XSS (CVE-2021-32797) (boo#1196663)\n* Header \u2018Content-Type\u2019 should not be overwritten\n* Do not use token parameters in websocket urls\n* Properly handle errors in async browser_check\n* Cells can no longer be executed while kernels are terminating or\n  restarting. There is a new status for these events on the Kernel Indicator\n* Add styling for high memory usage warning in status bar with nbresuse\n* Adds support for Python version 3.10\n* Support live editing of SVG with updating rendering\n* Lazy load codemirror theme stylesheets\n* Add feature request template + slight reorg in readme\n* Add link to react example in extension-examples repo\n* Close correct tab with close tab\n* Remove unused css rules\n* Simplified multicursor backspace code\n* Fix recent breaking changes to normalizepath in filebrowser\n* Handle quit_button when launched as an extension\n* Add worker-loader\n* Fix icon sidebar height for third party extensions\n* Scrolls cells into view after deletion\n* Support Node.js 10+\n* Select search text when focusing the search overlay\n* Throttle fetch requests in the setting registry\u2019s data connector\n* Avoid redundant checkpoint calls on loading a notebook \n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2022-10075",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_10075-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2022:10075-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VZGF2ZZFSQOBN7NRPXC3MMQXPLYLS2IH/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2022:10075-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VZGF2ZZFSQOBN7NRPXC3MMQXPLYLS2IH/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1196663",
        "url": "https://bugzilla.suse.com/1196663"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-32797 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-32797/"
      }
    ],
    "title": "Security update for python-jupyterlab",
    "tracking": {
      "current_release_date": "2022-08-02T10:20:19Z",
      "generator": {
        "date": "2022-08-02T10:20:19Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2022:10075-1",
      "initial_release_date": "2022-08-02T10:20:19Z",
      "revision_history": [
        {
          "date": "2022-08-02T10:20:19Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jupyter-jupyterlab-2.2.10-bp154.2.3.1.noarch",
                "product": {
                  "name": "jupyter-jupyterlab-2.2.10-bp154.2.3.1.noarch",
                  "product_id": "jupyter-jupyterlab-2.2.10-bp154.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-jupyterlab-2.2.10-bp154.2.3.1.noarch",
                "product": {
                  "name": "python3-jupyterlab-2.2.10-bp154.2.3.1.noarch",
                  "product_id": "python3-jupyterlab-2.2.10-bp154.2.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 15 SP4",
                "product": {
                  "name": "SUSE Package Hub 15 SP4",
                  "product_id": "SUSE Package Hub 15 SP4"
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.4",
                "product": {
                  "name": "openSUSE Leap 15.4",
                  "product_id": "openSUSE Leap 15.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jupyter-jupyterlab-2.2.10-bp154.2.3.1.noarch as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:jupyter-jupyterlab-2.2.10-bp154.2.3.1.noarch"
        },
        "product_reference": "jupyter-jupyterlab-2.2.10-bp154.2.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-jupyterlab-2.2.10-bp154.2.3.1.noarch as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:python3-jupyterlab-2.2.10-bp154.2.3.1.noarch"
        },
        "product_reference": "python3-jupyterlab-2.2.10-bp154.2.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jupyter-jupyterlab-2.2.10-bp154.2.3.1.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:jupyter-jupyterlab-2.2.10-bp154.2.3.1.noarch"
        },
        "product_reference": "jupyter-jupyterlab-2.2.10-bp154.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-jupyterlab-2.2.10-bp154.2.3.1.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:python3-jupyterlab-2.2.10-bp154.2.3.1.noarch"
        },
        "product_reference": "python3-jupyterlab-2.2.10-bp154.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-32797",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-32797"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn\u0027t sanitize the action attribute of html `\u003cform\u003e`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP4:jupyter-jupyterlab-2.2.10-bp154.2.3.1.noarch",
          "SUSE Package Hub 15 SP4:python3-jupyterlab-2.2.10-bp154.2.3.1.noarch",
          "openSUSE Leap 15.4:jupyter-jupyterlab-2.2.10-bp154.2.3.1.noarch",
          "openSUSE Leap 15.4:python3-jupyterlab-2.2.10-bp154.2.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-32797",
          "url": "https://www.suse.com/security/cve/CVE-2021-32797"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196663 for CVE-2021-32797",
          "url": "https://bugzilla.suse.com/1196663"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP4:jupyter-jupyterlab-2.2.10-bp154.2.3.1.noarch",
            "SUSE Package Hub 15 SP4:python3-jupyterlab-2.2.10-bp154.2.3.1.noarch",
            "openSUSE Leap 15.4:jupyter-jupyterlab-2.2.10-bp154.2.3.1.noarch",
            "openSUSE Leap 15.4:python3-jupyterlab-2.2.10-bp154.2.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP4:jupyter-jupyterlab-2.2.10-bp154.2.3.1.noarch",
            "SUSE Package Hub 15 SP4:python3-jupyterlab-2.2.10-bp154.2.3.1.noarch",
            "openSUSE Leap 15.4:jupyter-jupyterlab-2.2.10-bp154.2.3.1.noarch",
            "openSUSE Leap 15.4:python3-jupyterlab-2.2.10-bp154.2.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-08-02T10:20:19Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2021-32797"
    }
  ]
}

FKIE_CVE-2021-32797

Vulnerability from fkie_nvd - Published: 2021-08-09 21:15 - Updated: 2024-11-21 06:07

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed	Exploit, Third Party Advisory
security-advisories@github.com	https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx	Third Party Advisory

Impacted products

Vendor	Product	Version
jupyter	jupyterlab	*
jupyter	jupyterlab	*
jupyter	jupyterlab	*
jupyter	jupyterlab	*
jupyter	jupyterlab	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F55BD7C-58C2-4138-BA4E-29955AAB4BC7",
              "versionEndExcluding": "1.2.21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8592C189-B3B5-4CA7-B307-3FAD881C1AA3",
              "versionEndExcluding": "2.2.10",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B6DC37D-4F40-4405-9912-C1BB5F30B866",
              "versionEndExcluding": "2.3.2",
              "versionStartIncluding": "2.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B6289-7C90-493D-9115-9C9A2C5B9C55",
              "versionEndExcluding": "3.0.17",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C66C0CF-ECC1-4578-92EC-E883BF9A9E53",
              "versionEndExcluding": "3.1.4",
              "versionStartIncluding": "3.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn\u2019t sanitize the action attribute of html `\u003cform\u003e`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook."
    },
    {
      "lang": "es",
      "value": "JupyterLab, es una interfaz de usuario para el Proyecto Jupyter que eventualmente reemplazar\u00e1 al cl\u00e1sico Jupyter Notebook. En las versiones afectadas del notebook no confiable puede ejecutar c\u00f3digo en la carga. En particular, JupyterLab no sanea el atributo action del html \"(form)\". Usando esto es posible desencadenar la comprobaci\u00f3n del formulario fuera del propio formulario. Esto es una ejecuci\u00f3n de c\u00f3digo remota , pero requiere la acci\u00f3n del usuario para abrir un notebook"
    }
  ],
  "id": "CVE-2021-32797",
  "lastModified": "2024-11-21T06:07:45.790",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-09T21:15:08.140",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-32797 (GCVE-0-2021-32797)

GSD-2021-32797

GHSA-4952-P58Q-6CRX

Impact

Patches

References

For more information

PYSEC-2021-130

OPENSUSE-SU-2022:10075-1

FKIE_CVE-2021-32797

Tags

Sightings

Nomenclature