Nixpkgs Security Tracker

Permalink CVE-2025-53000

updated 1 month, 1 week ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 2 weeks ago
@LeSuisse dismissed 1 month, 1 week ago

nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output to a PDF on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. As of time of publication, no known patches exist.

References

Affected products

nbconvert

=<7.16.6
<7.17.0

Matching in nixpkgs

pkgs.python312Packages.nbconvert

Converting Jupyter Notebooks

nixos-25.11 7.16.6
- nixos-25.11-small 7.16.6
- nixpkgs-25.11-darwin 7.16.6

pkgs.python313Packages.nbconvert

Converting Jupyter Notebooks

nixos-unstable 7.16.6
- nixpkgs-unstable 7.16.6
- nixos-unstable-small 7.16.6
nixos-25.11 7.16.6
- nixos-25.11-small 7.16.6
- nixpkgs-25.11-darwin 7.16.6

pkgs.python314Packages.nbconvert

Converting Jupyter Notebooks

nixos-unstable 7.16.6
- nixpkgs-unstable 7.16.6
- nixos-unstable-small 7.16.6

Package maintainers

@GaetanLepage Gaetan Lepage <gaetan@glepage.com>
@natsukium Tomoya Otabi <nixpkgs@natsukium.com>
@thomasjm Tom McLaughlin <tom@codedown.io>

Windows only, not an issue for nixpkgs

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.python312Packages.nbconvert

pkgs.python313Packages.nbconvert

pkgs.python314Packages.nbconvert

Package maintainers