Candidate: CVE-2018-19352
PublicDate: 2018-11-18 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19352
 https://github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648
 https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst
 https://pypi.org/project/notebook/#history
Description:
 Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name
 because notebook/static/tree/js/notebooklist.js handles certain URLs
 unsafely.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_jupyter-notebook:
upstream_jupyter-notebook: released (5.7.4-1)
precise/esm_jupyter-notebook: DNE
trusty_jupyter-notebook: DNE
trusty/esm_jupyter-notebook: DNE
xenial_jupyter-notebook: DNE
bionic_jupyter-notebook: not-affected (code not present)
cosmic_jupyter-notebook: ignored (reached end-of-life)
disco_jupyter-notebook: not-affected (5.7.4-1)
eoan_jupyter-notebook: ignored (reached end-of-life)
focal_jupyter-notebook: not-affected (5.7.4-1)
groovy_jupyter-notebook: not-affected (5.7.4-1)
devel_jupyter-notebook: not-affected (5.7.4-1)