2018-03-18 06:00:00
mitre
PUBLISHED
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is fixed by jQuery after sanitization, making it dangerous.