Date: Mon, 19 Mar 2018 11:53:13 +0000
From: Ricter Zheng <ricterzheng@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: maliciously crafted notebook files in Jupyter

Hi Thomas Kluyver,

I am a student from China majoring in information security, and I'm very
interested in the vulnerability. I tried to reproduce the vulnerability but
failed, so can you provide some technical details about it?

Thank you.
--
Ricter Zheng

Thomas Kluyver <thomas@...yver.me.uk> wrote on Thursday, 15 March 2018 at 10:27 PM:

> Email address of requester: security@...thon.org, thomas@...yver.me.uk,
> benjaminrk@...il.com, jkamens@...ntopian.com, ssanderson@...ntopian.com
>
> Software name: Jupyter Notebook (formerly IPython Notebook)
> Type of vulnerability: Maliciously forged file
> Attack outcome: Possible remote execution
>
> Vulnerability: A maliciously forged notebook file can bypass sanitization
> to execute Javascript in the notebook context. Specifically, invalid HTML
> is 'fixed' by jQuery after sanitization, making it dangerous.
>
> Affected versions:
>
> - notebook ≤ 5.4.0
>
> URI with issues:
>
> - GET /notebook/**
>
> Patches:  not yet finalised
>
> Mitigations:
>
> Upgrade to Jupyter notebook 5.4.1 or 5.5 once available.
> If using pip,
>
>     pip install --upgrade notebook
>
> For conda:
>
>     conda update conda
>     conda update notebook
>
> Vulnerability reported by vkgonka@...l.ru , via Jonathan Kamens at
> Quantopian
>
> --
Ricter Z
