18 Nov 2018
CVE-2018-19351 - CVE Vulnerability
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this. (CVSS:0.0) (Last Update:2018-11-18)
Publish Date: 2018-11-18. Last Update Date: 2018-11-18.
- Metasploit Modules Related To CVE-2018-19351: There are not any Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).
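The description above turns on whether an nbconvert response carries a Content Security Policy that separates it from the notebook server's origin. The following check is an added example, not code from Jupyter or from this entry: it assumes the isolation is done with the CSP `sandbox` directive, and the paths and header values in `SAMPLES` are constructed.

```python
def parse_csp(value):
    """Parse a Content-Security-Policy header value into {directive: [tokens]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # Directive names are case-insensitive; the first occurrence wins.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def is_isolated_from_origin(headers):
    """True if the response is forced into a unique origin by CSP `sandbox`.

    Only the enforcing header counts: `sandbox` is ignored in
    Content-Security-Policy-Report-Only. `allow-same-origin` undoes the isolation.
    """
    for name, value in headers.items():
        if name.lower() == "content-security-policy":
            flags = parse_csp(value).get("sandbox")
            return flags is not None and "allow-same-origin" not in flags
    return False


def unisolated(responses):
    """Return the paths whose responses would run script in the server's origin."""
    return [path for path, headers in responses if not is_isolated_from_origin(headers)]


# Constructed sample responses (paths and header values are illustrative).
SAMPLES = [
    ("/nbconvert/html/a.ipynb", {"Content-Type": "text/html"}),
    ("/nbconvert/html/b.ipynb", {"Content-Security-Policy": "frame-ancestors 'self'"}),
    ("/nbconvert/html/c.ipynb",
     {"Content-Security-Policy": "frame-ancestors 'self'; sandbox allow-scripts"}),
    ("/nbconvert/html/d.ipynb",
     {"content-security-policy": "sandbox allow-scripts allow-same-origin"}),
    ("/nbconvert/html/e.ipynb", {"Content-Security-Policy-Report-Only": "sandbox"}),
]

if __name__ == "__main__":
    for path in unisolated(SAMPLES):
        print("not isolated from server origin:", path)
```

A policy that only restricts framing (sample `b`) still leaves the converted notebook's scripts in the server's origin, which is the condition the entry describes.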