[Python-modules-team] Bug#917408: jupyter-notebook: CVE-2018-19352
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 27 13:29:41 GMT 2018
Source: jupyter-notebook
Version: 5.4.1-1
Severity: important
Tags: patch security upstream
Hi,
The following vulnerability was published for jupyter-notebook.
CVE-2018-19352[0]:
| Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name
| because notebook/static/tree/js/notebooklist.js handles certain URLs
| unsafely.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-19352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19352
[1] https://github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Python-modules-team
mailing list