vulnerability

Ubuntu: USN-5585-1 (CVE-2018-19351): Jupyter Notebook vulnerabilities

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Nov 18, 2018

Added

Aug 31, 2022

Modified

Mar 27, 2026

Description

Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this.

Solutions

ubuntu-upgrade-jupyter-notebookubuntu-upgrade-python-notebookubuntu-upgrade-python3-notebook

References

CVE-2018-19351
https://attackerkb.com/topics/CVE-2018-19351
CWE-79
EUVD-EUVD-2018-0104
NVD-CVE-2018-19351
UBUNTU-USN-5585-1
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-0104

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report