The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbviewer).
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-08-18T00:00:00
Updated: 2024-09-02T21:02:59.728Z
Reserved: 2021-05-12T00:00:00
Link: CVE-2021-32862
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-08-18T19:15:14.337
Modified: 2024-11-21T06:07:54.300
Link: CVE-2021-32862
Redhat
No data.