CVE-2021-41134

Stored XSS in Jupyter nbdime

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting (XSS) issue exists within the Jupyter-owned nbdime project. It appears that when reading the file name and path from disk, the extension does not sanitize the string it constructs before returning it to be displayed. The diffNotebookCheckpoint function within nbdime causes this issue. When attempting to display the name of the local notebook (diffNotebookCheckpoint), nbdime appears to simply append .ipynb to the name of the input file. The NbdimeWidget is then created, and the base string is passed through to the request API function. From there, the frontend simply renders the HTML tag and anything along with it. Users are advised to patch to the most recent version of the affected product.

nbdime proporciona herramientas para diferenciar y fusionar cuadernos Jupyter. En las versiones afectadas se presenta un problema de tipo cross-site scripting (XSS) almacenado en el proyecto nbdime, propiedad de Jupyter. Parece que cuando se lee el nombre del archivo y la ruta desde el disco, la extensión no sanea la cadena que construye antes de devolverla para que se muestre. La función diffNotebookCheckpoint dentro de nbdime causa este problema. Cuando es intentado mostrar el nombre del cuaderno local (diffNotebookCheckpoint), nbdime parece añadir simplemente .ipynb al nombre del archivo de entrada. El NbdimeWidget es creado entonces, y la cadena base es pasada mediante la función API de petición. A partir de ahí, el frontend simplemente renderiza la etiqueta HTML y todo lo que la acompaña. Es recomendado a usuarios aplicar el parche a la versión más reciente del producto afectado

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-09-15 CVE Reserved
2021-11-03 CVE Published
2023-05-27 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (2)

URL	Tag	Source
https://github.com/jupyter/nbdime/security/advisories/GHSA-p6rw-44q7-3fw4	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/jupyter/nbdime/commit/e44a5cc7677f24b45ebafc756db49058c2f750ea	2021-11-05

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Jupyter Search vendor "Jupyter"		Nbdime Search vendor "Jupyter" for product "Nbdime"				>= 1.0.0 < 1.1.1 Search vendor "Jupyter" for product "Nbdime" and version " >= 1.0.0 < 1.1.1"		python		Affected
Jupyter Search vendor "Jupyter"		Nbdime Search vendor "Jupyter" for product "Nbdime"				>= 2.0.0 < 2.1.1 Search vendor "Jupyter" for product "Nbdime" and version " >= 2.0.0 < 2.1.1"		python		Affected
Jupyter Search vendor "Jupyter"		Nbdime Search vendor "Jupyter" for product "Nbdime"				>= 3.0.0 <= 3.1.1 Search vendor "Jupyter" for product "Nbdime" and version " >= 3.0.0 <= 3.1.1"		python		Affected
Jupyter Search vendor "Jupyter"		Nbdime Search vendor "Jupyter" for product "Nbdime"				>= 5.0.0 < 5.0.2 Search vendor "Jupyter" for product "Nbdime" and version " >= 5.0.0 < 5.0.2"		node.js		Affected
Jupyter Search vendor "Jupyter"		Nbdime Search vendor "Jupyter" for product "Nbdime"				>= 6.0.0 < 6.1.2 Search vendor "Jupyter" for product "Nbdime" and version " >= 6.0.0 < 6.1.2"		node.js		Affected
Jupyter Search vendor "Jupyter"		Nbdime-jupyterlab Search vendor "Jupyter" for product "Nbdime-jupyterlab"				>= 1.0.0 < 1.0.1 Search vendor "Jupyter" for product "Nbdime-jupyterlab" and version " >= 1.0.0 < 1.0.1"		node.js		Affected
Jupyter Search vendor "Jupyter"		Nbdime-jupyterlab Search vendor "Jupyter" for product "Nbdime-jupyterlab"				>= 2.0.0 < 2.1.1 Search vendor "Jupyter" for product "Nbdime-jupyterlab" and version " >= 2.0.0 < 2.1.1"		node.js		Affected