HIGH

GHSA-rch3-82jr-f9w9

Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS

Details

### Impact

A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows an attacker to steal authentication tokens from users who open a malicious notebook file and interact (a single click is enough) with elements that the attacker can make indistinguishable from legitimate controls.

The vulnerability enables complete account takeover through the Jupyter REST API, allowing the attacker to:

1. Read all files
2. Modify or create files
3. Access running kernels and execute arbitrary code
4. Create terminals for shell access

### Patches

Jupyter Notebook 7.5.6 and JupyterLab 4.5.7 include patches for this vulnerability.

### Workarounds

The help extension can be disabled via the CLI:

```sh
jupyter labextension disable @jupyter-notebook/help-extension
jupyter labextension disable @jupyterlab/help-extension
```

### Hardening

The patched versions include a toggle to disable the command linker functionality altogether, for example via `overrides.json`:

```json
{
  "@jupyterlab/apputils-extension:sanitizer": {
    "allowCommandLinker": false
  }
}
```

### Resources

- https://jupyterlab.readthedocs.io/en/latest/user/commands.html#commands-in-markdown-output-and-files

### Acknowledgments

Reported by Daniel Teixeira - NVIDIA AI Red Team


Affected packages

| Ecosystem | Package | Introduced in | Fixed in | Fix |
|---|---|---|---|---|
| npm | @jupyter-notebook/help-extension | 7.0.0 | 7.5.6 | `npm install @jupyter-notebook/help-extension@7.5.6` |
| PyPI | notebook | 7.0.0 | 7.5.6 | `pip install --upgrade 'notebook>=7.5.6'` |
| PyPI | jupyterlab | 0 | 4.5.7 | `pip install --upgrade 'jupyterlab>=4.5.7'` |
| npm | @jupyterlab/help-extension | 0 | 4.5.7 | `npm install @jupyterlab/help-extension@4.5.7` |
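The following script is an added example for operators, not part of the advisory or of the Jupyter projects. It turns the affected ranges in the table above and the `overrides.json` hardening toggle from the Hardening section into an offline audit: `is_affected` tells you whether a given package version lies in an affected range, `command_linker_disabled` checks whether a deployment's `overrides.json` actually sets `allowCommandLinker` to `false`, and `audit` combines both. The version parser, the `AFFECTED` table and the sample `overrides.json` content are this example's own constructions; only the package names and version boundaries come from the advisory.

```python
"""Audit a Jupyter deployment against GHSA-rch3-82jr-f9w9 (added example).

Checks (1) whether installed package versions fall inside the affected
ranges listed in the advisory and (2) whether the overrides.json hardening
toggle (allowCommandLinker: false) is set.
"""
import json
import re
from typing import Optional

# Affected ranges exactly as listed in the advisory: (introduced, fixed).
# "0" means every release before the fixed version is affected.
AFFECTED = {
    "@jupyter-notebook/help-extension": ("7.0.0", "7.5.6"),
    "notebook": ("7.0.0", "7.5.6"),
    "jupyterlab": ("0", "4.5.7"),
    "@jupyterlab/help-extension": ("0", "4.5.7"),
}


def parse_version(v: str) -> tuple:
    """Turn '7.5.6', '4.5.7rc1' or '0' into a comparable key.

    Returns (numeric_parts, release_marker); a pre-release suffix such as
    'rc1' sorts before the final release with the same numbers. Exotic
    PEP 440 forms (post/dev releases, epochs) are not handled here.
    """
    m = re.match(r"^(\d+(?:\.\d+)*)(.*)$", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad so that 7.5 == 7.5.0
    suffix = m.group(2)
    marker = (1, "") if suffix == "" else (0, suffix)
    return (nums, marker)


def is_affected(package: str, version: str) -> bool:
    """True if `version` of `package` lies in [introduced, fixed)."""
    if package not in AFFECTED:
        raise KeyError(f"{package} is not listed in the advisory")
    introduced, fixed = AFFECTED[package]
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def command_linker_disabled(overrides_json: str) -> bool:
    """True only if overrides.json sets the sanitizer's allowCommandLinker
    to the JSON literal false (the string "false" does not count)."""
    try:
        data = json.loads(overrides_json)
    except json.JSONDecodeError:
        return False
    section = data.get("@jupyterlab/apputils-extension:sanitizer", {})
    return isinstance(section, dict) and section.get("allowCommandLinker") is False


def installed_version(dist: str) -> Optional[str]:
    """Version of an installed Python distribution, or None if absent."""
    from importlib.metadata import PackageNotFoundError, version
    try:
        return version(dist)
    except PackageNotFoundError:
        return None


def audit(overrides_json: str, versions: dict) -> dict:
    """Per-package affected flags plus whether the hardening toggle is set.

    `versions` maps package name -> version string (None entries are skipped).
    """
    report = {pkg: is_affected(pkg, ver) for pkg, ver in versions.items() if ver}
    report["allowCommandLinker_disabled"] = command_linker_disabled(overrides_json)
    return report


if __name__ == "__main__":
    # Constructed sample overrides.json content, not from a real deployment.
    sample_overrides = json.dumps({
        "@jupyterlab/apputils-extension:sanitizer": {"allowCommandLinker": False}
    })
    found = {d: installed_version(d) for d in ("notebook", "jupyterlab")}
    print(audit(sample_overrides, found))
```

Run it on the server that hosts Jupyter so `importlib.metadata` sees the real `notebook` and `jupyterlab` distributions, and pass the contents of your deployed `overrides.json`; the npm-scoped packages can be checked with `is_affected` by hand from the version printed by `jupyter labextension list`.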
