Jupyter Jupyter
Monthly
Cross-site scripting in jupyter/nbconvert versions 7.17.0 and earlier allows any user with notebook write access to inject and execute arbitrary JavaScript in the browsers of users who view HTML-exported notebooks. The flaw stems from the `data_mermaid` rendering block in `share/templates/lab/base.html.j2`, which outputs `text/vnd.mermaid` cell content directly into HTML without escaping, enabling tag breakout from the enclosing `<pre>` element. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; however, the stored-XSS pattern means any user who views a maliciously crafted HTML export is at risk.
Origin validation bypass in Jupyter Server 1.12.0 through 2.17.0 lets remote attackers defeat CORS origin checks whenever the optional allow_origin_pat configuration is enabled. Because origin matching uses re.match() (anchored only at the start of the string), an attacker-controlled lookalike domain such as trusted.example.com.evil.com satisfies a pattern meant to allow only trusted.example.com, exposing CORS-protected responses, WebSocket kernels, referer checks, and login redirects. Publicly available exploit code exists via the huntr report, but EPSS is very low (0.02%) and SSVC rates exploitation as POC-only and not automatable, so there is no evidence of widespread active exploitation.
Cross-site scripting in jupyter/nbconvert versions 7.17.0 and earlier allows any user with notebook write access to inject and execute arbitrary JavaScript in the browsers of users who view HTML-exported notebooks. The flaw stems from the `data_mermaid` rendering block in `share/templates/lab/base.html.j2`, which outputs `text/vnd.mermaid` cell content directly into HTML without escaping, enabling tag breakout from the enclosing `<pre>` element. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; however, the stored-XSS pattern means any user who views a maliciously crafted HTML export is at risk.
Origin validation bypass in Jupyter Server 1.12.0 through 2.17.0 lets remote attackers defeat CORS origin checks whenever the optional allow_origin_pat configuration is enabled. Because origin matching uses re.match() (anchored only at the start of the string), an attacker-controlled lookalike domain such as trusted.example.com.evil.com satisfies a pattern meant to allow only trusted.example.com, exposing CORS-protected responses, WebSocket kernels, referer checks, and login redirects. Publicly available exploit code exists via the huntr report, but EPSS is very low (0.02%) and SSVC rates exploitation as POC-only and not automatable, so there is no evidence of widespread active exploitation.