CVE-2021-32797

Description

JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions an untrusted notebook can execute code on load: JupyterLab does not sanitize the action attribute of the HTML <form> element, and that attribute can be used to trigger form validation outside of the form itself. The result is remote code execution, but it requires user action, namely opening the attacker-supplied notebook.
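A triage aid for the scenario the description sets out, an untrusted notebook opened in a vulnerable JupyterLab: the following Python script is an added example written for this page, not code from the JupyterLab project. It walks an .ipynb file, pulls out the content JupyterLab renders as HTML on load (markdown cells and text/html outputs) and reports every <form> element that carries an action attribute, the attribute affected versions left unsanitized. The sample notebook embedded in it is constructed for the demonstration and is not the published proof of concept; the scheme-based severity ranking is my own heuristic, not something the advisory states.

```python
"""Triage scanner for untrusted .ipynb files.

Added example for this page (not code from the JupyterLab project): it parses
the content JupyterLab renders as HTML, markdown cells and text/html outputs,
and reports every <form> element that carries an action attribute, the
attribute the advisory says affected versions left unsanitized. The sample
notebook and the scheme-based severity heuristic are my own constructions.
"""
import json
import sys
from html.parser import HTMLParser
from urllib.parse import urlsplit


class FormActionFinder(HTMLParser):
    """Records each <form ... action=...> seen while parsing an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "form":
            return
        attr_map = dict(attrs)          # HTMLParser has already decoded entities
        if "action" not in attr_map:
            return
        action = (attr_map["action"] or "").strip()
        scheme = urlsplit(action).scheme.lower()
        # Heuristic, not from the advisory: a relative or http(s) target is
        # lower concern than any other scheme (javascript:, data:, ...).
        severity = "low" if scheme in ("", "http", "https") else "high"
        self.findings.append({"action": action, "scheme": scheme, "severity": severity})


def _text(src):
    """nbformat stores source/data as either a string or a list of lines."""
    return "".join(src) if isinstance(src, list) else str(src)


def iter_rendered_html(nb):
    """Yield (cell_index, location, html) for content rendered as HTML on load."""
    for idx, cell in enumerate(nb.get("cells", [])):
        kind = cell.get("cell_type")
        if kind == "markdown":                      # markdown may embed raw HTML
            yield idx, "markdown", _text(cell.get("source", ""))
        elif kind == "code":
            for out in cell.get("outputs", []):
                html = out.get("data", {}).get("text/html")
                if html is not None:
                    yield idx, "output text/html", _text(html)


def scan_notebook(nb):
    """Return a list of findings, one per <form> with an action attribute."""
    findings = []
    for idx, where, html in iter_rendered_html(nb):
        parser = FormActionFinder()
        parser.feed(html)
        parser.close()
        for f in parser.findings:
            findings.append({"cell": idx, "where": where, **f})
    return findings


# Constructed sample notebook for demonstration; not the published proof of concept.
SAMPLE_NOTEBOOK = {
    "nbformat": 4, "nbformat_minor": 5, "metadata": {},
    "cells": [
        {"cell_type": "markdown", "source": ["# Quarterly report\n", "Nothing to see here.\n"]},
        {"cell_type": "markdown",
         # entity-encoded scheme: a naive substring check for "javascript:" misses it
         "source": ['<form id="f" action="&#106;avascript:alert(1)"></form>\n']},
        {"cell_type": "code", "source": ["show_widget()"], "outputs": [
            {"output_type": "display_data", "data": {
                "text/html": ['<form action="https://example.org/submit">',
                              '<input type="submit"></form>']}}]},
    ],
}


if __name__ == "__main__":
    nb = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_NOTEBOOK
    for f in scan_notebook(nb):
        print(f"cell {f['cell']} ({f['where']}): severity={f['severity']} action={f['action']!r}")
```

Run it with a notebook path to scan a file, or with no argument to scan the embedded sample. Because HTMLParser decodes character references before handing over attribute values, the entity-encoded javascript: target in the sample is still caught, which a plain substring search for "javascript:" would miss. A markdown code span containing a literal <form> tag will also be reported, so treat hits as leads for manual review; the actual remediation is upgrading to the fixed releases listed further down the page.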

Risk Information

Base Score: 9.6
Severity: MODERATE (the label shown on this page; on the CVSS v3.1 qualitative scale a 9.6 is Critical)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H (network-reachable, low attack complexity, no privileges required, user interaction required, changed scope, high impact on confidentiality, integrity and availability)
EPSS Score (probability of exploitation in the wild within 30 days): 1.136 (EPSS is a probability between 0 and 1, so this figure is a percentage, about 1.1%)

Associated Vulnerability

Vulnerability                                                                 OS Platform
Multiple vulnerabilities affecting IBM Cognos Analytics 11.1                  Windows
Multiple vulnerabilities affecting IBM Cognos Analytics 11.2                  Windows
CVE-2021-32797 and CVE-2021-32798 fixed in Python-notebook 5.7.11             Windows
CVE-2021-32797 and CVE-2021-32798 fixed in Python-notebook 6.4.1              Windows
CVE-2021-32797 fixed in Python-jupyterlab 1.2.21                              Windows
CVE-2021-32797 fixed in Python-jupyterlab 2.2.10                              Windows
CVE-2021-32797 fixed in Python-jupyterlab 2.3.2                               Windows
CVE-2021-32797 fixed in Python-jupyterlab 3.0.17                              Windows
CVE-2021-32797 fixed in Python-jupyterlab 3.1.4                               Windows
CVE-2021-32797 and CVE-2021-32798 fixed in Python-notebook for Linux 5.7.11   Linux
CVE-2021-32797 and CVE-2021-32798 fixed in Python-notebook for Linux 6.4.1    Linux
CVE-2021-32797 fixed in Python-jupyterlab for Linux 1.2.21                    Linux
CVE-2021-32797 fixed in Python-jupyterlab for Linux 2.2.10                    Linux
CVE-2021-32797 fixed in Python-jupyterlab for Linux 2.3.2                     Linux
CVE-2021-32797 fixed in Python-jupyterlab for Linux 3.0.17                    Linux
CVE-2021-32797 fixed in Python-jupyterlab for Linux 3.1.4                     Linux
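To turn the list of fixed releases into a check, here is an added Python example written for this page (not a Jupyter project tool). FIXED contains exactly the notebook and jupyterlab releases the table names; how the check treats versions the table does not mention (a later series, a pre-release of a fixed version, an older series with no fix) is my reading of the table, stated in the docstrings, and not a statement from the vendors.

```python
"""Exposure check against the fixed releases listed on this page.

Added example for this page (not a Jupyter project tool). FIXED holds exactly
the releases the page lists; the series-matching rules in is_vulnerable are my
reading of that table, not a statement from the vendors.
"""
import re
from importlib import metadata

# Fixed releases from the table: the classic notebook releases also fix
# CVE-2021-32798; the jupyterlab releases are listed for CVE-2021-32797.
FIXED = {
    "notebook": ["5.7.11", "6.4.1"],
    "jupyterlab": ["1.2.21", "2.2.10", "2.3.2", "3.0.17", "3.1.4"],
}


def parse_version(text):
    """Return (major, minor, patch, final) for a PEP 440-style version string.

    final is 1 for a final (or post) release and 0 for a pre/dev release, so
    '3.1.4rc1' compares below the fixed '3.1.4' instead of equal to it.
    """
    nums, final = [], 1
    for piece in text.strip().split("."):
        m = re.fullmatch(r"(\d+)(.*)", piece)
        if m is None:                         # e.g. 'dev0' or 'post1' as its own component
            final = 1 if piece.startswith("post") else 0
            break
        nums.append(int(m.group(1)))
        tag = m.group(2)
        if tag:                               # attached tag such as 'rc1', 'a1', 'b2'
            final = 1 if tag.startswith("post") else 0
            break
    if not nums:
        raise ValueError(f"unparseable version: {text!r}")
    major, minor, patch = (nums + [0, 0, 0])[:3]
    return (major, minor, patch, final)


def fixed_release_for(package, version):
    """The listed fix in the same major.minor series as version, or None."""
    series = parse_version(version)[:2]
    for fix in FIXED[package]:
        if parse_version(fix)[:2] == series:
            return fix
    return None


def is_vulnerable(package, version):
    """True when version predates the fix for CVE-2021-32797.

    Rules (my reading of the table):
      - same series as a listed fix: vulnerable iff below that fix;
      - at or above the newest listed fix (a later minor/major): treated as
        fixed, since it was released after the patch;
      - an older series with no listed fix (e.g. jupyterlab 2.1.x): treated
        as vulnerable, because no patched release exists for it.
    """
    installed = parse_version(version)
    fix = fixed_release_for(package, version)
    if fix is not None:
        return installed < parse_version(fix)
    newest = max(parse_version(f) for f in FIXED[package])
    return installed < newest


def check_environment():
    """Report each listed package found in the running interpreter."""
    report = {}
    for package in FIXED:
        try:
            version = metadata.version(package)
        except metadata.PackageNotFoundError:
            continue
        report[package] = (version, is_vulnerable(package, version))
    return report


if __name__ == "__main__":
    for package, (version, vulnerable) in check_environment().items():
        print(f"{package} {version}: {'VULNERABLE' if vulnerable else 'fixed'}")
```

Run inside the environment that serves JupyterLab; it reports only packages actually installed there. The pre-release handling matters in practice: a release-candidate build of a fixed version is still an unpatched build and is reported as vulnerable.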

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2021-32797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32797