Platform
python
Component
notebook
Fixed in
6.0.1
5.7.12
5.7.11
CVE-2021-32798 is a critical vulnerability in Jupyter Notebook (the Python `notebook` package, formerly known as IPython Notebook) that lets a crafted notebook file execute code when a user opens it. Jupyter normally refuses to render the HTML and JavaScript outputs of a notebook it does not consider trusted; in affected versions an untrusted notebook could nonetheless execute JavaScript on load, so a malicious .ipynb runs attacker-controlled script in the victim's browser as soon as it is rendered. Affected are 5.x releases before 5.7.11 and 6.x releases before 6.4.1. The attack requires user interaction: the victim must open the compromised notebook. Patches are available in versions 5.7.11 and 6.4.1.
The primary impact of CVE-2021-32798 is arbitrary code execution. The attacker embeds JavaScript, typically in an HTML output attached to a code cell, in a notebook file. When a user opens that notebook, the script runs in the browser inside the user's authenticated Jupyter session. Because it carries the session's credentials, the script can drive the notebook server's API the same way the front end does, including starting a kernel and executing Python in it, so the attacker ends up running code with the privileges of the user who runs the notebook server. From there the attacker can take over the account, steal data, install malware, or pivot further. The attack requires the user to actively open the malicious notebook file, but the outcome is complete compromise of the account running Jupyter. The root cause is the same as in other injection vulnerabilities: content supplied by an untrusted file is rendered without the sanitization that should apply to it.
CVE-2021-32798 was publicly disclosed on August 23, 2021. The vulnerability was reported by Guillaume Jeanne from Google. There is no indication that it has been exploited in the wild, and it is not listed in the CISA KEV catalog. Public proof-of-concept exploits are available and show that exploitation is straightforward once a victim opens the file. The vulnerability is rated Critical even though user interaction is required, because the resulting code execution is complete.
Anyone who uses Jupyter Notebook for data analysis, scientific computing, or interactive development is at risk. This includes researchers, data scientists, and developers who regularly share and open notebooks from external sources. Multi-user deployments such as shared hosting or JupyterHub environments, where users routinely open notebooks written by others, are particularly exposed.
• python / notebook: Inspect notebook files (.ipynb) before opening them. The vector is cell output that the browser renders as HTML or JavaScript, so look at the outputs of code cells, not only at the code they contain.
import nbformat
with open('suspicious.ipynb', 'r') as f:
    nb = nbformat.read(f, as_version=4)
# The issue is JavaScript/HTML rendered on load, so check outputs, not source
for i, cell in enumerate(nb.cells):
    for out in cell.get('outputs', []):
        data = out.get('data', {})
        if 'text/html' in data or 'application/javascript' in data:
            print(f'cell {i}: active output types {list(data)}')
• generic web: Monitor web server access logs for requests that download .ipynb files from untrusted sources.
• generic web: Check response headers for unusual content types served with .ipynb files.
Disclosure
Exploit status
EPSS
0.23% (45th percentile)
CVSS vector
The primary mitigation for CVE-2021-32798 is to upgrade to a patched version of Jupyter Notebook: 5.7.11 on the 5.x line or 6.4.1 on the 6.x line. If upgrading is not immediately feasible, do not open notebooks from untrusted sources as they are. Because the vector is the stored cell output, stripping outputs before opening removes it; nbconvert can do that in place (`jupyter nbconvert --clear-output --inplace untrusted.ipynb`), after which the notebook still shows its code and markdown but nothing is rendered on load. A WAF or proxy in front of the server only sees the notebook JSON as it is served to the browser and is not a reliable control for this bug. Restricting who can write notebook files into shared directories and educating users about opening untrusted files reduce the attack surface further. After upgrading, verify the installed version (`jupyter notebook --version` or `pip show notebook`) and confirm it is at least 5.7.11 or 6.4.1.
Upgrade Jupyter Notebook to version 6.4.1 or later, or to version 5.7.11 or later. This fixes a Cross-Site Scripting (XSS) vulnerability that allows arbitrary code execution when a malicious ipynb file is opened.
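The detection and the output-stripping workaround described above, as an added example that is not code from the Jupyter project or from this advisory. The sample notebook is constructed inline, the set of MIME types treated as "active" and the script-detection regex are this example's own assumptions, and the HTML payload is a harmless placeholder rather than a real exploit.

```python
import json
import re

# Constructed sample notebook (nbformat 4): one markdown cell, one code cell whose
# output carries inline HTML with a script, and one code cell with plain text output.
# The script is a placeholder; it is not an exploit for CVE-2021-32798.
SAMPLE_NOTEBOOK = {
    "nbformat": 4, "nbformat_minor": 5, "metadata": {},
    "cells": [
        {"cell_type": "markdown", "metadata": {}, "source": "# Report"},
        {"cell_type": "code", "metadata": {}, "execution_count": 1,
         "source": "print('hello')",
         "outputs": [
             {"output_type": "display_data", "metadata": {},
              "data": {"text/plain": "ok",
                       "text/html": ["<div onload=\"x()\">",
                                     "<script>alert(1)</script></div>"]}}]},
        {"cell_type": "code", "metadata": {}, "execution_count": 2,
         "source": "2+2",
         "outputs": [{"output_type": "execute_result", "execution_count": 2,
                      "metadata": {}, "data": {"text/plain": "4"}}]},
    ],
}

# Assumption: these MIME types are rendered live by the browser (inline SVG can
# also carry script), everything else is shown as text or image data.
ACTIVE_MIME = {"text/html", "application/javascript", "image/svg+xml"}
# Assumption: heuristic for script-bearing markup; a miss here still reports the
# output because of its MIME type, so the regex only refines the reason.
SCRIPT_RE = re.compile(r"<script\b|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)


def _as_text(value):
    """nbformat stores multi-line payloads as lists of strings; join them."""
    return "".join(value) if isinstance(value, list) else str(value)


def find_active_outputs(nb):
    """Return (cell_index, mime, reason) for every output the browser would execute."""
    hits = []
    for i, cell in enumerate(nb.get("cells", [])):
        # Markdown/raw cells have no outputs; only code cells carry them.
        for out in cell.get("outputs", []):
            for mime, payload in out.get("data", {}).items():
                if mime not in ACTIVE_MIME:
                    continue
                reason = ("script-like content" if SCRIPT_RE.search(_as_text(payload))
                          else "active mime type")
                hits.append((i, mime, reason))
    return hits


def clear_outputs(nb):
    """Return a deep copy with all code-cell outputs removed (the form that is safe to open)."""
    cleaned = json.loads(json.dumps(nb))
    for cell in cleaned["cells"]:
        if cell.get("cell_type") == "code":
            cell["outputs"] = []
            cell["execution_count"] = None
    return cleaned


def scan_file(path):
    """Scan an .ipynb on disk; returns the same hit tuples as find_active_outputs."""
    with open(path, encoding="utf-8") as f:
        return find_active_outputs(json.load(f))


if __name__ == "__main__":
    for hit in find_active_outputs(SAMPLE_NOTEBOOK):
        print("cell %d: %s (%s)" % hit)
    # After stripping outputs nothing is left that the browser would execute on load.
    print("clean copy hits:", find_active_outputs(clear_outputs(SAMPLE_NOTEBOOK)))
```

Run `scan_file("untrusted.ipynb")` on a notebook received from outside before opening it; any hit means the file should be opened only after `clear_outputs` (or the equivalent `jupyter nbconvert --clear-output`) has been applied, or only on a patched server.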
CVE-2021-32798 is a critical vulnerability in Jupyter Notebook versions before 5.7.11 and 6.x versions before 6.4.1. Opening a malicious notebook lets an attacker execute arbitrary JavaScript in the user's session, and through it arbitrary code as the user running the server.
You are affected if you run Jupyter Notebook 5.x before 5.7.11 or 6.x before 6.4.1. Upgrade to 5.7.11 or 6.4.1 to resolve the vulnerability.
Upgrade to Jupyter Notebook version 5.7.11 or 6.4.1. Until then, strip outputs from notebooks that come from untrusted sources before opening them.
There is no confirmed evidence of active exploitation in the wild, but public proof-of-concept exploits exist.
Refer to the Jupyter Notebook security advisory in the project's GitHub repository and the project documentation: https://jupyter.org/ and https://ipython.org/