CVE-2024-22420— Stored cross site scripting in Markdown Preview in JupyterLab
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-22420
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored cross site scripting in Markdown Preview in JupyterLab
Source: NVD (National Vulnerability Database)
Vulnerability Description
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab version 4.0.11 has been patched. Users are advised to upgrade. Users unable to upgrade should disable the table of contents extension.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
JupyterLab 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
JupyterLab是一个用于交互式和可重复计算的可扩展环境,基于 Jupyter Notebook 和架构。 JupyterLab存在安全漏洞。攻击者利用该漏洞可以访问任何数据,并执行任意请求。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| jupyterlab | jupyterlab | >=4.0.0, < 4.0.11 | - |
II. Public POCs for CVE-2024-22420
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-22420
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: jupyterlab
Same vendor: jupyterlab
- CVE-2025-59842
JupyterLab LaTeX typesetter links did not enforce `noopener` - CVE-2025-30370
jupyterlab-git has a command injection vulnerability in "Ope - CVE-2024-43805
HTML injection in Jupyter Notebook and JupyterLab leading to - CVE-2024-39700
Remote Code Execution (RCE) vulnerability in jupyterlab exte - CVE-2024-22421
Potential authentication and CSRF tokens leak in JupyterLab
Same weakness: CWE-79
- CVE-2026-8262
Devs Palace ERP Online chart-save cross site scripting - CVE-2026-8256
Devs Palace ERP Online mr-save cross site scripting - CVE-2026-8255
Devs Palace ERP Online add_new_customer cross site scripting - CVE-2026-8254
Devs Palace ERP Online sales_save cross site scripting - CVE-2026-8253
Devs Palace ERP Online purchase_save cross site scripting
V. Comments for CVE-2024-22420
No comments yet