VDB
EN
HIGH 7.4

PYSEC-2026-688

JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>

상세

### Impact

Untrusted notebook can execute code on load. This is a remote code execution, but requires user action to open a notebook.

### Patches

Patched in the following versions: 3.1.4, 3.0.17, 2.3.2, 2.2.10, 1.2.21.

### References

[OWASP Page on Restricting Form Submissions](https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html)

### For more information

If you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list security@ipython.org.

Credit: Guillaume Jeanne from Google

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / notebook
최초 영향 버전: 0 수정 버전: 5.7.11
수정 pip install --upgrade 'notebook>=5.7.11'

참고