Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| nbdime | pip | < 1.1.1 | 1.1.1 |
| nbdime | npm | < 5.0.2 | 5.0.2 |
| nbdime-jupyterlab | npm | < 1.0.1 | 1.0.1 |
Recommended Action
Patch available
Update nbdime (pip) to version 1.1.1
Update nbdime (npm) to version 5.0.2
Update nbdime-jupyterlab (npm) to version 1.0.1
Technical Details
NVD Description
### Impact

Improper handling of user controlled input caused a stored cross-site scripting (XSS) vulnerability. All previous versions of nbdime are affected.

### Patches

Security patches will be released for each of the major versions of the nbdime packages since version 1.x of the nbdime python package.

#### Python

- nbdime 1.x: Patched in v. 1.1.1
- nbdime 2.x: Patched in v. 2.1.1
- nbdime 3.x: Patched in v. 3.1.1

#### npm

- nbdime 6.x version: Patched in 6.1.2
- nbdime 5.x version: Patched in 5.0.2
- nbdime-jupyterlab 1.x version: Patched in 1.0.1
- nbdime-jupyterlab 2.x version: Patched in 2.1.1

### For more information

If you have any questions or comments about this advisory email us at [security@ipython.org](mailto:security@ipython.org).
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N