CVE-2021-32797 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-32797 Interim 1 4 2023-02-21T00:27:01Z current 2022-03-03T02:35:21Z 2023-02-21T00:27:01Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-32797 JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html `<form>`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VZGF2ZZFSQOBN7NRPXC3MMQXPLYLS2IH/ E-Mail link for openSUSE-SU-2022:10075-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP4 openSUSE Leap 15.4 jupyter-jupyterlab-2.2.10-bp154.2.3.1 python3-jupyterlab-2.2.10-bp154.2.3.1 jupyter-jupyterlab-2.2.10-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 python3-jupyterlab-2.2.10-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 jupyter-jupyterlab-2.2.10-bp154.2.3.1 as a component of openSUSE Leap 15.4 python3-jupyterlab-2.2.10-bp154.2.3.1 as a component of openSUSE Leap 15.4 JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html `<form>`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook. CVE-2021-32797 SUSE Package Hub 15 SP4:jupyter-jupyterlab-2.2.10-bp154.2.3.1 SUSE Package Hub 15 SP4:python3-jupyterlab-2.2.10-bp154.2.3.1 openSUSE Leap 15.4:jupyter-jupyterlab-2.2.10-bp154.2.3.1 openSUSE Leap 15.4:python3-jupyterlab-2.2.10-bp154.2.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H