UBUNTU-CVE-2026-39377

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-39377

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39377.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-39377

Upstream

CVE-2026-39377

Published

2026-04-21T01:16:00Z

Modified

2026-05-20T16:25:37.905404973Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The ExtractAttachmentsPreprocessor passes attachment filenames directly to the filesystem without sanitization, enabling path traversal attacks. This vulnerability provides complete control over both the destination path and file extension. Version 7.17.1 contains a patch.

References

Affected packages

Ubuntu:18.04:LTS

nbconvert

Package

Name: nbconvert
Purl: pkg:deb/ubuntu/nbconvert?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.2.0-4

5.*

5.3.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.3.1-1",
            "binary_name": "jupyter-nbconvert"
        },
        {
            "binary_version": "5.3.1-1",
            "binary_name": "python-nbconvert"
        },
        {
            "binary_version": "5.3.1-1",
            "binary_name": "python3-nbconvert"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39377.json"

Ubuntu:20.04:LTS

nbconvert

Package

Name: nbconvert
Purl: pkg:deb/ubuntu/nbconvert?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4-2ubuntu2

5.6.0-1

5.6.0-2

5.6.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.6.1-1",
            "binary_name": "jupyter-nbconvert"
        },
        {
            "binary_version": "5.6.1-1",
            "binary_name": "python3-nbconvert"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39377.json"

Ubuntu:22.04:LTS

nbconvert

Package

Name: nbconvert
Purl: pkg:deb/ubuntu/nbconvert?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.6.1-3

6.*

6.1.0-1

6.3.0-1

6.4.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "6.4.0-1",
            "binary_name": "jupyter-nbconvert"
        },
        {
            "binary_version": "6.4.0-1",
            "binary_name": "python3-nbconvert"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39377.json"

Ubuntu:24.04:LTS

nbconvert

Package

Name: nbconvert
Purl: pkg:deb/ubuntu/nbconvert?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.5.3-4

6.5.3-5

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "6.5.3-5",
            "binary_name": "jupyter-nbconvert"
        },
        {
            "binary_version": "6.5.3-5",
            "binary_name": "python3-nbconvert"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39377.json"

Ubuntu:25.10

nbconvert

Package

Name: nbconvert
Purl: pkg:deb/ubuntu/nbconvert?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.16.6-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "7.16.6-1",
            "binary_name": "jupyter-nbconvert"
        },
        {
            "binary_version": "7.16.6-1",
            "binary_name": "python3-nbconvert"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39377.json"

Ubuntu:26.04:LTS

nbconvert

Package

Name: nbconvert
Purl: pkg:deb/ubuntu/nbconvert?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.16.6-1

7.17.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "7.17.0-1",
            "binary_name": "jupyter-nbconvert"
        },
        {
            "binary_version": "7.17.0-1",
            "binary_name": "python3-nbconvert"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39377.json"