—
PYSEC-2018-18
Details
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / notebook
Introduced in:
0 Fixed in: 288b73e1edbf527740e273fcc69b889460871648 Fix
pip install --upgrade 'notebook>=288b73e1edbf527740e273fcc69b889460871648'