Impact
Improper handling of user controlled input caused a stored cross-site scripting (XSS) vulnerability. All previous versions of nbdime are affected.
Patches
Security patches will be released for each of the major versions of the nbdime packages since version 1.x of the nbdime python package.
Python
- nbdime 1.x: Patched in v. 1.1.1
- nbdime 2.x: Patched in v. 2.1.1
- nbdime 3.x: Patched in v. 3.1.1
npm
- nbdime 6.x version: Patched in 6.1.2
- nbdime 5.x version: Patched in 5.0.2
- nbdime-jupyterlab 1.x version: Patched in 1.0.1
- nbdime-jupyterlab 2.x version: Patched in 2.1.1
For more information
If you have any questions or comments about this advisory email us at security@ipython.org.
Impact
Improper handling of user controlled input caused a stored cross-site scripting (XSS) vulnerability. All previous versions of nbdime are affected.
Patches
Security patches will be released for each of the major versions of the nbdime packages since version 1.x of the nbdime python package.
Python
npm
For more information
If you have any questions or comments about this advisory email us at security@ipython.org.