Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Required
Privileges Required
Low
Attack Vector
Network
0

CVE-2021-41134

Disclosure Date: November 03, 2021
CVE-2021-41134 CVSS v3 Base Score: 5.4
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting (XSS) issue exists within the Jupyter-owned nbdime project. It appears that when reading the file name and path from disk, the extension does not sanitize the string it constructs before returning it to be displayed. The diffNotebookCheckpoint function within nbdime causes this issue. When attempting to display the name of the local notebook (diffNotebookCheckpoint), nbdime appears to simply append .ipynb to the name of the input file. The NbdimeWidget is then created, and the base string is passed through to the request API function. From there, the frontend simply renders the HTML tag and anything along with it. Users are advised to patch to the most recent version of the affected product.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.4 Medium
Impact Score:
2.7
Exploitability Score:
2.3
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
Required
Scope (S):
Changed
Confidentiality (C):
Low
Integrity (I):
Low
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
nbdime < 1.1.1 - nbdime (pip)
nbdime >= 2.0.0 , < 2.1.1 - nbdime (pip)
nbdime >= 3.0.0, < 3.1.1 - nbdime (pip)
nbdime < 5.0.2 - nbdime (npm)
nbdime >= 6.0.0, < 6.1.2 - nbdime (npm)
nbdime < 1.0.1 - nbdime-jupyterlab (npm)
nbdime >= 2.0.0, < 2.1.1 - nbdime-jupyterlab (npm)
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis