Is CVE-2021-32797 actively exploited?

CVE-2021-32797 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2021-32797?

CVE-2021-32797 has a CVSS score of 7.4 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N.

How do I patch CVE-2021-32797?

Patch guidance is available from jupyter security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2021-32797.

Fix CVE-2021-32797 - HIGH jupyter jupyterlab

Q: Which products are affected by CVE-2021-32797?

5 products: jupyter jupyterlab, jupyter jupyterlab, jupyter jupyterlab, jupyter jupyterlab, jupyter jupyterlab.

Description

JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html `<form>`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: required
Scope: changed
Confidentiality: high
Integrity: none
Availability: none
Weaknesses: CWE-79 · Cross-site Scripting (XSS)CWE-79 · Cross-site Scripting (XSS)

Metadata

Primary Vendor: JUPYTER
Published: 8/9/2021
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

jupyter : jupyterlabjupyter : jupyterlabjupyter : jupyterlabjupyter : jupyterlabjupyter : jupyterlab

Remediation Guidance

Executive Summary

View on NIST NVD