CVE-2021-41134

Stored XSS in Jupyter nbdime

Severity Score

5.4
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting (XSS) issue exists within the Jupyter-owned nbdime project. It appears that when reading the file name and path from disk, the extension does not sanitize the string it constructs before returning it to be displayed. The diffNotebookCheckpoint function within nbdime causes this issue. When attempting to display the name of the local notebook (diffNotebookCheckpoint), nbdime appears to simply append .ipynb to the name of the input file. The NbdimeWidget is then created, and the base string is passed through to the request API function. From there, the frontend simply renders the HTML tag and anything along with it. Users are advised to patch to the most recent version of the affected product.

*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: None

Attack Vector: Network
Attack Complexity: Medium
Authentication: Single
Confidentiality: None
Integrity: Partial
Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-09-15 CVE Reserved
  • 2021-11-03 CVE Published
  • 2023-05-27 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Jupyter | Nbdime | >= 1.0.0 < 1.1.1 | python | Affected |
| Jupyter | Nbdime | >= 2.0.0 < 2.1.1 | python | Affected |
| Jupyter | Nbdime | >= 3.0.0 <= 3.1.1 | python | Affected |
| Jupyter | Nbdime | >= 5.0.0 < 5.0.2 | node.js | Affected |
| Jupyter | Nbdime | >= 6.0.0 < 6.1.2 | node.js | Affected |
| Jupyter | Nbdime-jupyterlab | >= 1.0.0 < 1.0.1 | node.js | Affected |
| Jupyter | Nbdime-jupyterlab | >= 2.0.0 < 2.1.1 | node.js | Affected |