CVE-2021-32797

7.4 HIGH

📋 TL;DR

JupyterLab releases before 3.1.4 (and the pre-fix releases of the 3.0, 2.3, 2.2 and 1.2 series, see Affected Systems) contain a cross-site scripting vulnerability: an untrusted notebook can execute code as soon as it is opened. The HTML sanitizer that JupyterLab applies to untrusted notebook content did not sanitize the action attribute of HTML <form> elements, so a form whose action is a script-bearing URL (for example a javascript: URL) is left intact, and submitting the form, together with its validation, can be triggered from outside the form itself. Because the script runs inside the victim's authenticated JupyterLab session, it can drive the kernel API and execute code on the server. Every JupyterLab user who opens a notebook from an untrusted source is affected.

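To make the sanitizer gap concrete, here is an allowlist HTML sanitizer written for this page as an added example; it is not JupyterLab's own sanitizer, and the two policies, the attribute sets and the payload are constructed for the illustration. The weak policy lets the action attribute through as opaque text, which is the behaviour the advisory describes; the hardened policy never emits action or formaction and drops the form attribute that lets a control outside the element submit it.

```python
from html import escape
from html.parser import HTMLParser

# Attributes that carry a URL and therefore need a scheme check
# (hypothetical policy for this example; JupyterLab's real allowlists differ).
URL_ATTRS = frozenset({"href", "src", "action", "formaction"})
ALLOWED_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"input", "br", "img", "hr"}

# Weak policy: reproduces the gap. 'action' is allowed on <form> and, in the
# weak call below, is never treated as a URL, so javascript: passes through.
WEAK_POLICY = {
    "form": {"id", "method", "action"},
    "input": {"type", "name", "value", "required", "form"},
    "button": {"type", "form"},
    "a": {"href"},
    "p": set(),
}

# Hardened policy: nothing that can submit or navigate survives. 'action' and
# 'formaction' are not allowed at all; 'form' (remote submission) is dropped too.
HARDENED_POLICY = {
    "form": {"id", "method"},
    "input": {"type", "name", "value", "required"},
    "button": {"type"},
    "a": {"href"},
    "p": set(),
}


def safe_url(value):
    """True if the URL is relative or uses an allowed scheme.

    Whitespace and control characters are removed first so that 'java\\nscript:'
    or '\\tJavaScript:' cannot slip past a naive prefix test.
    """
    v = "".join(ch for ch in (value or "") if ch.isprintable() and not ch.isspace()).lower()
    scheme, sep, _ = v.partition(":")
    if not sep or any(c in scheme for c in "/?#"):
        return True  # no scheme: relative path, fragment, or ':' inside the path
    return scheme in ALLOWED_SCHEMES


class AllowlistSanitizer(HTMLParser):
    """Re-emits only allowlisted tags and attributes; everything else is dropped."""

    def __init__(self, policy, url_attrs):
        super().__init__()  # convert_charrefs=True: text arrives decoded, re-escaped below
        self.policy = policy
        self.url_attrs = url_attrs
        self.out = []

    def handle_starttag(self, tag, attrs):
        allowed = self.policy.get(tag)
        if allowed is None:
            return  # unknown tag: drop the tag itself, keep its text content
        kept = []
        for name, value in attrs:
            if name not in allowed:
                continue
            if name in self.url_attrs and not safe_url(value):
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in self.policy and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def sanitize(html, policy, url_attrs=URL_ATTRS):
    parser = AllowlistSanitizer(policy, url_attrs)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


# Constructed payload: the form's action is a javascript: URL and a control
# placed outside the form submits it through the 'form' attribute.
PAYLOAD = (
    '<form id="f" action="javascript:alert(document.cookie)" method="get">'
    '<input name="q" required></form>'
    '<button form="f" type="submit">Submit</button>'
    '<a href=" JavaScript:alert(1)">link</a>'
)


def demo():
    """Return (weak_output, hardened_output) for the constructed payload."""
    weak = sanitize(PAYLOAD, WEAK_POLICY, url_attrs={"href", "src"})  # action not URL-checked
    hard = sanitize(PAYLOAD, HARDENED_POLICY)
    return weak, hard


if __name__ == "__main__":
    weak, hard = demo()
    print("weak:    ", weak)
    print("hardened:", hard)
```

Note that the weak policy does scheme-check href (the link loses its javascript: URL) and is still exploitable, because the attribute that matters was never on the list of URL-bearing attributes; that is the whole bug class, and the conservative fix is to not allow navigation-capable attributes on form controls at all.
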
💻 Affected Systems

Products:
  • JupyterLab
Versions: 1.x before 1.2.21; 2.0.0 up to and including 2.2.9; 2.3.0 and 2.3.1; 3.0.0 up to and including 3.0.16; 3.1.0 up to and including 3.1.3 (ranges per the vendor advisory)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction to open a malicious notebook file.

📦 What is this software?

JupyterLab is the browser-based interface for Project Jupyter: a single-page web application, served by a Python server process, in which users edit and run notebooks whose cells execute in kernels on the server. Notebook files (.ipynb) carry Markdown and rendered HTML output as well as code, which is why merely opening one is enough to trigger this bug.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Code execution on the JupyterLab server as the account that runs it: script injected into the victim's authenticated session can start a kernel and run arbitrary commands through it, reaching whatever data, credentials and network the server account can reach.

🟠

Likely Case

Script execution in the victim's browser with the victim's JupyterLab session. In practice that already means kernel-level code execution, plus theft of notebooks, tokens and any other data reachable from that session.

🟢

If Mitigated

With the patch applied the sanitizer strips the attribute and the notebook renders harmlessly. On an unpatched instance that runs as a low-privilege user in an isolated environment with no stored credentials, the exposure is bounded to the current user's session and data.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes (the mechanism is described in the vendor advisory; no standalone exploit is linked on this page)
Weaponized: No in-the-wild exploitation is cited here
Unauthenticated Exploit: ✅ No (the attacker needs no account, but the victim must open the notebook while logged in; the script then runs with the victim's session)
Complexity: LOW

Exploitation requires a user to open a malicious notebook file in a vulnerable JupyterLab; the embedded HTML is rendered on load, so no further interaction is needed once the file is open. The mechanism is well documented in the vendor advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.1.4 and later (or 3.0.17, 2.3.2, 2.2.10 and 1.2.21 for installations pinned to those series)

Vendor Advisory: https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx

Restart Required: Yes (restart the server, then hard-reload the JupyterLab browser tab; the sanitizer runs in the browser and a cached bundle keeps the old code until the page is reloaded)

Instructions:

1. Upgrade JupyterLab to the fixed release of your series, quoting the version spec so the shell does not treat '>' as a redirect: pip install --upgrade 'jupyterlab>=3.1.4' (conda environments: conda update jupyterlab). If you must stay on an older series, pin to its fixed release instead, e.g. 'jupyterlab>=3.0.17,<3.1' or 'jupyterlab>=2.3.2,<3'.
2. Restart the JupyterLab server.
3. Hard-reload the browser tab and verify the version reported by 'jupyter lab --version' and by Help > About JupyterLab.

🔧 Temporary Workarounds

No configuration switch removes this bug: the sanitizer is part of the JupyterLab frontend bundle and runs in the browser, and notebooks do not "auto-execute"; the malicious HTML is rendered as soon as the notebook is displayed. The iopub data-rate limit (--NotebookApp.iopub_data_rate_limit) sometimes suggested for this issue only throttles output messages and has no effect on it. Until you can patch:

Open untrusted notebooks in a disposable environment

all

Use a throwaway JupyterLab instance (container or VM) that holds no credentials, tokens or data you care about, and a separate browser profile, for any notebook of uncertain origin.

Use content security policies

all

A Content-Security-Policy whose script-src does not allow inline script blocks navigation to javascript: URLs in current browsers, but JupyterLab's own page must keep working under the policy, so test any restrictive header against your deployment before relying on it. Extra response headers are configured through the 'headers' entry of ServerApp.tornado_settings in jupyter_server_config.py (JupyterLab 3.x) or of NotebookApp.tornado_settings on the classic notebook server that JupyterLab 1.x and 2.x run on.

🧯 If You Can't Patch

  • Restrict notebook sources to trusted repositories only, and inspect incoming .ipynb files for embedded HTML forms before anyone opens them
  • Run the JupyterLab server as a dedicated low-privilege user (or in a container) that holds no credentials, cloud tokens or SSH keys a hijacked kernel could reach
  • Implement network segmentation and egress filtering to isolate JupyterLab instances, so code running in a hijacked kernel cannot reach internal services or call home

🔍 How to Verify

Check if Vulnerable:

Print the installed version with 'jupyter lab --version' or 'pip show jupyterlab' and compare it with the fixed release of its series: 3.1.4, 3.0.17, 2.3.2, 2.2.10 or 1.2.21. Anything older than the fixed release of its series, or in a series that received no fix (1.0, 1.1, 2.0, 2.1), is vulnerable. Check every environment that serves JupyterLab: a JupyterHub spawner image, a conda environment and a system pip install can each carry a different version.

Check Version:

jupyter lab --version

Verify Fix Applied:

Confirm the version is at or above the fixed release of its series, hard-reload the browser tab, and check that Help > About JupyterLab reports the same version (a stale cached bundle still carries the old sanitizer). As a functional check, open an untrusted notebook whose Markdown cell contains a form with action="javascript:void(0)" (harmless, but any correct fix must strip or neutralise it) and confirm in the browser's element inspector that the rendered form no longer carries that action.

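The version comparison above is easy to get wrong by hand because the fixed release differs per series and some series never got one. The following checker is an added example, not part of the page or of JupyterLab; the fixed-version table is taken from the vendor advisory, and the function names are the author's own. Pre-releases (3.1.4rc1, 3.1.4.dev0) are treated as older than the fixed release.

```python
import re
from importlib import metadata

# Lowest fixed release in every series the advisory lists as affected.
# A series absent here (1.0, 1.1, 2.0, 2.1 and anything before 1.x) never
# received a fix and counts as vulnerable in full.
FIXED_IN = {
    (1, 2): (1, 2, 21),
    (2, 2): (2, 2, 10),
    (2, 3): (2, 3, 2),
    (3, 0): (3, 0, 17),
    (3, 1): (3, 1, 4),
}
FIRST_CLEAN_SERIES = (3, 2)  # every release from 3.2.0 on post-dates the fix

_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_version(text):
    """Return (major, minor, patch, rank); rank is -1 for pre-releases, else 0."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    major, minor, patch, rest = m.groups()
    rank = -1 if re.match(r"^[-.]?(a|b|rc|dev)", rest) else 0
    return int(major), int(minor), int(patch or 0), rank


def is_vulnerable(version_text):
    """True if this JupyterLab version falls inside an affected range."""
    major, minor, patch, rank = parse_version(version_text)
    if (major, minor) >= FIRST_CLEAN_SERIES:
        return False
    floor = FIXED_IN.get((major, minor))
    if floor is None:
        return True  # series without a fixed release
    return (major, minor, patch, rank) < floor + (0,)


def check_installed(dist="jupyterlab"):
    """Return (version, vulnerable) for the installed package, or None if absent."""
    try:
        version = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None
    return version, is_vulnerable(version)


if __name__ == "__main__":
    result = check_installed()
    if result is None:
        print("jupyterlab is not installed in this environment")
    else:
        version, vulnerable = result
        print(f"jupyterlab {version}: {'VULNERABLE' if vulnerable else 'fixed'}")
```

Run it inside each Python environment that serves JupyterLab (the same interpreter that 'jupyter lab' starts from), since importlib.metadata only sees the packages of the interpreter it runs in.
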
📡 Detection & Monitoring

Log Indicators:

  • There is no server-side "form validation" event: the form submission and the script it triggers happen entirely in the victim's browser. What the Jupyter server does log is the request that fetched the notebook (GET /api/contents/<path>) and the kernel and session activity that follows.
  • A notebook that arrived from an untrusted source (upload, shared drive, git checkout) opened and followed shortly by a kernel start or execution the user did not initiate.
  • Kernel activity that does not match the user's normal working pattern: commands run immediately after the notebook is opened, shell commands, or new outbound connections from the kernel process.

Network Indicators:

  • Outbound connections from the kernel host to unfamiliar destinations right after a notebook is opened.
  • Notebook (.ipynb) files arriving by e-mail, chat or from public repositories.

SIEM Query:

Write the query against your own log source's field names; the Jupyter server access log has no purpose-built fields for this. The useful join is: Jupyter server access-log lines for GET /api/contents/ on a .ipynb path, correlated by user with a kernel start (POST /api/kernels or /api/sessions) and kernel-host process or network events within a short window. Ignore any rule built on "form_validation" or similar event names; nothing emits them.

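Server logs only show that a notebook was opened; the content that carries the attack is visible in the file itself, which is where the "restrict notebook sources" advice above becomes enforceable. The scanner below is an added example, not from the page or from JupyterLab: it walks a .ipynb file and flags any <form> with an action, any formaction attribute, and any URL attribute whose scheme is javascript:, in Markdown cells and in text/html outputs. The sample notebook is constructed here for the demonstration; the attribute list is the author's choice.

```python
import json
from dataclasses import dataclass
from html.parser import HTMLParser

URL_ATTRS = {"href", "src", "action", "formaction"}


@dataclass
class Finding:
    cell: int
    cell_type: str
    where: str  # "source" (markdown cell) or "output" (text/html output)
    tag: str
    attr: str
    value: str


class FormActionFinder(HTMLParser):
    """Collects (tag, attr, value) for the attributes this bug rides on."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            value = value or ""
            # Strip whitespace/control characters so 'java\nscript:' is caught too.
            compact = "".join(ch for ch in value if ch.isprintable() and not ch.isspace()).lower()
            if tag == "form" and name == "action":
                self.hits.append((tag, name, value))
            elif name == "formaction":
                self.hits.append((tag, name, value))
            elif name in URL_ATTRS and compact.startswith("javascript:"):
                self.hits.append((tag, name, value))


def _text(field):
    """nbformat stores 'source' and output data as a string or a list of lines."""
    return "".join(field) if isinstance(field, list) else (field or "")


def _html_fragments(cell):
    """Yield (where, html) for every fragment of a cell a renderer would show as HTML."""
    if cell.get("cell_type") == "markdown":
        yield "source", _text(cell.get("source"))  # Markdown may embed raw HTML
    for out in cell.get("outputs", []) or []:
        data = out.get("data", {}) or {}
        if "text/html" in data:
            yield "output", _text(data["text/html"])


def scan_notebook(nb):
    findings = []
    for idx, cell in enumerate(nb.get("cells", [])):
        for where, html in _html_fragments(cell):
            finder = FormActionFinder()
            finder.feed(html)
            finder.close()
            for tag, attr, value in finder.hits:
                findings.append(Finding(idx, cell["cell_type"], where, tag, attr, value))
    return findings


def scan_file(path):
    with open(path, encoding="utf-8") as fh:
        return scan_notebook(json.load(fh))


# Constructed sample: one benign cell, one Markdown cell with a javascript: form
# action, one code cell whose HTML output submits that form via formaction.
SAMPLE_NOTEBOOK = {
    "cells": [
        {"cell_type": "markdown", "metadata": {},
         "source": ["# Results\n", "Plain markdown, nothing to flag.\n"]},
        {"cell_type": "markdown", "metadata": {},
         "source": ['<form id="f" action="javascript:fetch(\'/api/kernels\')"><input required></form>']},
        {"cell_type": "code", "metadata": {}, "execution_count": 1, "source": "df.head()",
         "outputs": [{"output_type": "display_data", "metadata": {},
                      "data": {"text/html": ['<button form="f" formaction="javascript:alert(1)">go</button>']}}]},
    ],
    "metadata": {}, "nbformat": 4, "nbformat_minor": 5,
}


if __name__ == "__main__":
    import sys
    hits = scan_file(sys.argv[1]) if len(sys.argv) > 1 else scan_notebook(SAMPLE_NOTEBOOK)
    for f in hits:
        print(f"cell {f.cell} ({f.cell_type}, {f.where}): <{f.tag} {f.attr}={f.value!r}>")
```

Run it as a pre-commit hook or on an upload directory; a notebook that legitimately needs a submitting form is rare enough that every hit deserves a look, and the check stays useful after patching because it also catches the formaction and javascript: variants the same sanitizer class has to handle.
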
🔗 References

  • Vendor advisory (GitHub Security Advisory GHSA-4952-p58q-6crx): https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx
  • CVE record: CVE-2021-32797