Candidate: CVE-2018-8768
PublicDate: 2018-03-18 06:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8768
 http://www.openwall.com/lists/oss-security/2018/03/15/2
 http://openwall.com/lists/oss-security/2018/03/15/2
 https://github.com/jupyter/notebook/commit/4e79ebb49acac722b37b03f1fe811e67590d3831
Description:
 In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can
 bypass sanitization to execute JavaScript in the notebook context.
 Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making
 it dangerous.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893436
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_ipython:
upstream_ipython: released (5.1.0-2)
precise/esm_ipython: DNE
trusty_ipython: ignored (out of standard support)
trusty/esm_ipython: needed
xenial_ipython: ignored (end of standard support, was needed)
artful_ipython: not-affected (5.1.0-3)
bionic_ipython: not-affected
cosmic_ipython: not-affected
disco_ipython: not-affected
eoan_ipython: not-affected
focal_ipython: not-affected
groovy_ipython: not-affected
hirsute_ipython: not-affected
impish_ipython: not-affected
jammy_ipython: not-affected
devel_ipython: not-affected

Patches_jupyter-notebook:
upstream_jupyter-notebook: released (5.4.1-1)
precise/esm_jupyter-notebook: DNE
trusty_jupyter-notebook: DNE
trusty/esm_jupyter-notebook: DNE
xenial_jupyter-notebook: DNE
artful_jupyter-notebook: ignored (reached end-of-life)
bionic_jupyter-notebook: not-affected (5.4.1-1)
cosmic_jupyter-notebook: ignored (reached end-of-life)
disco_jupyter-notebook: not-affected (5.4.1-1)
eoan_jupyter-notebook: not-affected (5.4.1-1)
focal_jupyter-notebook: not-affected (5.4.1-1)
groovy_jupyter-notebook: not-affected (5.4.1-1)
hirsute_jupyter-notebook: not-affected (5.4.1-1)
impish_jupyter-notebook: not-affected (5.4.1-1)
jammy_jupyter-notebook: not-affected (5.4.1-1)
devel_jupyter-notebook: not-affected (5.4.1-1)