PYSEC-2018-18
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/notebook/PYSEC-2018-18.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2018-18
- Aliases
- Published
- 2018-11-18T17:29:00Z
- Modified
- 2023-11-08T04:00:07.695509Z
- Summary
- [none]
- Details
-
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.
- References
Affected packages
PyPI / notebook
Package
- Name
- notebook
- View open source insights on deps.dev
- Purl
- pkg:pypi/notebook
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jupyter/notebook
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.7.2
Affected versions
0.*
0.0.0
4.*
4.0.0
4.0.1
4.0.2
4.0.4
4.0.5
4.0.6
4.1.0
4.2.0b1
4.2.0
4.2.1
4.2.2
4.2.3
4.3.0
4.3.1
4.3.2
4.4.0
4.4.1
5.*
5.0.0b1
5.0.0b2
5.0.0rc1
5.0.0rc2
5.0.0
5.1.0rc1
5.1.0rc2
5.1.0rc3
5.1.0
5.2.0rc1
5.2.0
5.2.1rc1
5.2.1
5.2.2
5.3.0rc1
5.3.0
5.3.1
5.4.0
5.4.1
5.5.0rc1
5.5.0
5.6.0rc1
5.6.0
5.7.0
5.7.1