
CVE-2018-8768: Jupyter Notebook file bypasses sanitization, executes JavaScript

CVSS Score: 7.8 (CVSS 3.0)

Basic Information

EPSS Score: 0.31216%
CWE: -
Published: 7/12/2018
Updated: 9/27/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name: notebook
Ecosystem: pip
Vulnerable Versions: < 5.4.1
First Patched Version: 5.4.1

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability arises from sanitization being applied before jQuery's DOM manipulation. The core issue is that Jupyter's sanitize_html function (or equivalent) sanitized the raw HTML string and did not account for how jQuery would later reinterpret the invalid HTML remnants left behind by that sanitization. When jQuery parsed the sanitized string, it "repaired" those remnants into a different DOM, allowing malicious content to be reconstructed into executable JavaScript. The high confidence stems from the described attack vector (sanitization bypass via post-sanitization DOM manipulation) and the logical location of such sanitization logic in Jupyter's security-related JavaScript files.


WAF Protection Rules

WAF Rule

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.
