Suggestions search

Published

Filter by:

With package: python312Packages.nbconvert

Found 2 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-39377

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): High (H)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): None (N)

updated 2 months ago by @LeSuisse Activity log

Created suggestion 2 months ago
@LeSuisse accepted 2 months ago
@LeSuisse published on GitHub 2 months ago

nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The `ExtractAttachmentsPreprocessor` passes attachment filenames directly to the filesystem without sanitization, enabling path traversal attacks. This vulnerability provides complete control over both the destination path and file extension. Version 7.17.1 contains a patch.

References

https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg x_refsource_CONFIRM

Ignored references (1)

https://github.com/jupyter/nbconvert/releases/tag/v7.17.1 x_refsource_MISC

Affected products

nbconvert

==>= 6.5, < 7.17.1

Matching in nixpkgs

pkgs.python312Packages.nbconvert

None

pkgs.python313Packages.nbconvert

Converting Jupyter Notebooks

nixos-unstable 7.16.6
- nixpkgs-unstable 7.16.6
- nixos-unstable-small 7.16.6

pkgs.python314Packages.nbconvert

Converting Jupyter Notebooks

nixos-unstable 7.16.6
- nixpkgs-unstable 7.16.6
- nixos-unstable-small 7.16.6

Package maintainers

@GaetanLepage Gaetan Lepage <gaetan@glepage.com>
@thomasjm Tom McLaughlin <tom@codedown.io>
@natsukium Tomoya Otabi <nixpkgs@natsukium.com>

Permalink CVE-2026-39378

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

updated 2 months ago by @LeSuisse Activity log

Created suggestion 2 months ago
@LeSuisse accepted 2 months ago
@LeSuisse published on GitHub 2 months ago

nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook can exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML. nbconvert 7.17.1 contains a fix. As a workaround, do not enable `HTMLExporter.embed_images`; it is not enabled by default.