python · jupyter-server · Critical
jupyter-server: Stored XSS in nbconvert HTTP handlers fixed
What changed
Fixed a stored XSS vulnerability in the nbconvert HTTP handlers: user-authored notebook HTML was rendered without a `sandbox` directive in the Content-Security-Policy header, which allowed token exfiltration and kernel RCE.
Who it affects
All users of jupyter_server prior to v2.20.0 who serve untrusted notebooks via /nbconvert/html/.
What to do today
Upgrade to jupyter_server v2.20.0 or apply the provided workaround in jupyter_server_config.py.
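An added verification check, not part of this advisory or of jupyter_server itself: it classifies the Content-Security-Policy header that an nbconvert HTML response returns, so an operator can confirm a deployment is actually sandboxing rendered notebooks after upgrading. The endpoint shape and the `Authorization: token` header are assumptions about the server being checked.

```python
"""Classify whether a Content-Security-Policy header sandboxes rendered
notebook HTML, which is what the nbconvert fix requires."""
from __future__ import annotations
import urllib.request


def parse_csp(value: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [tokens]}. Directives are
    ';'-separated, tokens are space-separated, names are case-insensitive."""
    policy: dict[str, list[str]] = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), []).extend(tokens[1:])
    return policy


def sandbox_verdict(csp: str | None) -> str:
    """'unsandboxed': no CSP or no sandbox directive (the vulnerable state).
    'weakened': sandbox grants both allow-scripts and allow-same-origin,
                which lets the document escape its own sandbox, so the
                directive gives no protection.
    'sandboxed': sandbox directive present without that combination."""
    if not csp:
        return "unsandboxed"
    policy = parse_csp(csp)
    if "sandbox" not in policy:
        return "unsandboxed"
    flags = {f.lower() for f in policy["sandbox"]}
    if {"allow-scripts", "allow-same-origin"} <= flags:
        return "weakened"
    return "sandboxed"


def check_nbconvert_endpoint(base_url: str, notebook_path: str, token: str) -> str:
    """Fetch /nbconvert/html/<notebook> from a server you operate and classify
    its CSP. URL layout and token header are assumptions for this example."""
    url = f"{base_url.rstrip('/')}/nbconvert/html/{notebook_path.lstrip('/')}"
    req = urllib.request.Request(url, headers={"Authorization": f"token {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return sandbox_verdict(resp.headers.get("Content-Security-Policy"))


if __name__ == "__main__":
    # Constructed sample header values, not captured from a real server.
    samples = [None, "frame-ancestors 'self'; report-uri /api/security/csp-report",
               "sandbox; frame-ancestors 'self'",
               "sandbox allow-scripts allow-same-origin"]
    for hdr in samples:
        print(repr(hdr), "->", sandbox_verdict(hdr))
```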