js · jupyterlab-git · Critical
jupyterlab-git Stored XSS via Unsanitized Filename in PlainTextDiff.ts
What changed
Stored XSS vulnerability in jupyterlab-git extension's PlainTextDiff.ts component: the createHeader() method passes Git filenames directly to innerHTML without sanitization when rendering diffs for renamed files, allowing arbitrary JavaScript execution.
Who it affects
Users of JupyterLab with the jupyterlab-git extension installed who view rename diffs in the Git History tab from a shared repository.
What to do today
Update jupyterlab-git to a patched version or apply the mitigation by replacing innerHTML with textContent in PlainTextDiff.ts.
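The innerHTML-to-textContent change described above, shown side by side as an added example; this is not jupyterlab-git source code. The function signatures, the header markup, the stub document and the sample filename are all assumptions made for illustration.

```javascript
// Added illustration, not jupyterlab-git source. Signatures and markup are
// assumptions; only innerHTML vs textContent comes from the advisory.

// Vulnerable pattern: the filename becomes part of markup the browser parses.
function createHeaderUnsafe(doc, oldName, newName) {
  const header = doc.createElement('div');
  header.innerHTML = `<span>${oldName}</span> &rarr; <span>${newName}</span>`;
  return header;
}

// Hardened pattern: filenames are only ever assigned to textContent,
// so the browser treats them as characters, never as tags or attributes.
function createHeaderSafe(doc, oldName, newName) {
  const header = doc.createElement('div');
  const from = doc.createElement('span');
  from.textContent = oldName;
  const to = doc.createElement('span');
  to.textContent = newName;
  header.append(from, doc.createTextNode(' \u2192 '), to);
  return header;
}

// Minimal stand-in for `document` so the comparison runs under Node.
// In a browser, pass the real `document` instead.
function stubDocument() {
  const node = (tag) => ({
    tag, children: [], textContent: '', innerHTML: '',
    append(...kids) { this.children.push(...kids); },
  });
  return {
    createElement: node,
    createTextNode: (text) => ({ tag: '#text', textContent: text }),
  };
}

// Constructed sample: a rename whose old name contains harmless markup.
const SAMPLE_OLD = '<b>notes</b>.txt';
const SAMPLE_NEW = 'notes.txt';

// True when text taken from a filename reached an HTML-parsing sink.
function markupReachesParser(header, name) {
  const stack = [header];
  while (stack.length) {
    const n = stack.pop();
    if (n.innerHTML && n.innerHTML.includes(name)) return true;
    stack.push(...(n.children || []));
  }
  return false;
}
```

A check like markupReachesParser can back a regression test, so that a later refactor which reintroduces an innerHTML assignment for filenames fails the build.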