GHSA-p6rw-44q7-3fw4

Source

https://github.com/advisories/GHSA-p6rw-44q7-3fw4

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-p6rw-44q7-3fw4/GHSA-p6rw-44q7-3fw4.json

Aliases

• CVE-2021-41134
• PYSEC-2021-428

Published

2021-11-08T18:09:27Z

Modified

2023-11-08T04:06:52.416770Z

Details

Impact

Improper handling of user controlled input caused a stored cross-site scripting (XSS) vulnerability. All previous versions of nbdime are affected.

Patches

Security patches will be released for each of the major versions of the nbdime packages since version 1.x of the nbdime python package.

Python

• nbdime 1.x: Patched in v. 1.1.1
• nbdime 2.x: Patched in v. 2.1.1
• nbdime 3.x: Patched in v. 3.1.1

npm

• nbdime 6.x version: Patched in 6.1.2
• nbdime 5.x version: Patched in 5.0.2
• nbdime-jupyterlab 1.x version: Patched in 1.0.1
• nbdime-jupyterlab 2.x version: Patched in 2.1.1

For more information

If you have any questions or comments about this advisory email us at security@ipython.org.

References

• https://github.com/jupyter/nbdime/security/advisories/GHSA-p6rw-44q7-3fw4
• https://nvd.nist.gov/vuln/detail/CVE-2021-41134
• https://github.com/jupyter/nbdime/commit/e44a5cc7677f24b45ebafc756db49058c2f750ea
• https://github.com/jupyter/nbdime