CVE-2021-32797
PUBLISHED
JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions, an untrusted notebook can execute code on load. In particular, JupyterLab doesn't sanitize the `action` attribute of the HTML `<form>` element. Using this, it is possible to trigger the form validation outside of the form itself. This is a remote code execution vulnerability, but it requires user action to open a notebook.
Risk Scores
EPSS Score: 0.87% (75.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | jupyterlab | 0, 2.0.0, 2.3.0 |
Timeline
- Aug 9, 2021 CVE Published
- Aug 10, 2021 EPSS Score
- Oct 8, 2021 EPSS Score
- Dec 5, 2021 EPSS Score
- Feb 2, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 2, 2022 EPSS Score
- May 31, 2022 EPSS Score
- Sep 26, 2022 EPSS Score
- Nov 24, 2022 EPSS Score
- Jan 22, 2023 EPSS Score