Nixpkgs security tracker
NIXPKGS-2026-1211
GitHub issue
published on
Permalink
CVE-2026-39378
6.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
by @LeSuisse Activity log
- Created automatic suggestion
- @LeSuisse ignored reference https://g…
- @LeSuisse accepted
- @LeSuisse published on GitHub
nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook can exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML. nbconvert 7.17.1 contains a fix. As a workaround, do not enable `HTMLExporter.embed_images`; it is not enabled by default.
References
-
https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9 x_refsource_CONFIRM
Ignored references (1)
-
https://github.com/jupyter/nbconvert/releases/tag/v7.17.1 x_refsource_MISC
Affected products
nbconvert
- ==>= 6.5, < 7.17.1
Matching in nixpkgs
pkgs.python312Packages.nbconvert
Converting Jupyter Notebooks
pkgs.python313Packages.nbconvert
Converting Jupyter Notebooks
pkgs.python314Packages.nbconvert
Converting Jupyter Notebooks
Package maintainers
-
@natsukium Tomoya Otabi <nixpkgs@natsukium.com>
-
@thomasjm Tom McLaughlin <tom@codedown.io>
-
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>