CVE-2021-32862 (Medium) detected in nbconvert-5.5.0-py2.py3-none-any.whl #20
Labels
Mend: dependency security vulnerability
Security vulnerability detected by Mend
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2021-32862 - Medium Severity Vulnerability
Converting Jupyter Notebooks (.ipynb files) to other formats. Output formats include asciidoc, html, latex, markdown, pdf, py, rst, script. nbconvert can be used both as a Python library (`import nbconvert`) or as a command line tool (invoked as `jupyter nbconvert ...`).
Library home page: https://files.pythonhosted.org/packages/35/e7/f46c9d65f149271e47fca6ab084ef5c6e4cb1870f4c5cce6690feac55231/nbconvert-5.5.0-py2.py3-none-any.whl
Path to dependency file: /ProbStats-with-TFP/requirements.txt
Path to vulnerable library: /teSource-ArchiveExtractor_06502b82-fa31-4507-bcc7-4f2a20df0a9c/20190519121749_57228/20190519121716_depth_0/4/notebook-5.7.8-py2.py3-none-any/notebook/nbconvert
Dependency Hierarchy:
Found in base branch: master
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbviewer).
Publish Date: 2022-08-18
URL: CVE-2021-32862
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: GHSA-9jmq-rx5f-8jwq
Release Date: 2022-08-18
Fix Resolution: 6.3.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: