cvedb.io
CVE-2021-32797
HIGH · CVSS 7.4
EPSS exploitation probability: 0%
Published 2021-08-09T21:15:08.140 · Last modified 2026-06-17T03:53:38.983

Summary

JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html `<form>`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.

Affected products

jupyter — jupyterlab

Does this affect you?

Add your gear to cvedb and we'll alert you only when jupyter ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.