CVE-2021-32797

CVE-2021-32797 PUBLISHED

JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions, an untrusted notebook can execute code on load. In particular, JupyterLab doesn't sanitize the action attribute of the HTML `<form>` element. Using this, it is possible to trigger the form validation outside of the form itself. This is a remote code execution vulnerability, but it requires user action to open a notebook.

Risk Scores

EPSS Score: 0.87% (75.6th percentile)

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Bitnami | jupyterlab | 0, 2.0.0, 2.3.0 |

Timeline

  • Aug 9, 2021 CVE Published
  • Aug 10, 2021 EPSS Score
  • Oct 8, 2021 EPSS Score
  • Dec 5, 2021 EPSS Score
  • Feb 2, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 2, 2022 EPSS Score
  • May 31, 2022 EPSS Score
  • Sep 26, 2022 EPSS Score
  • Nov 24, 2022 EPSS Score
  • Jan 22, 2023 EPSS Score