In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.

External References:
http://www.openwall.com/lists/oss-security/2018/03/15/2

Upstream Patch:
https://github.com/jupyter/notebook/commit/4e79ebb49acac722b37b03f1fe811e67590d3831
Created python-notebook tracking bugs for this issue:

Affects: fedora-all [bug 1558783]
This was fixed in Fedora a while ago. Should this be closed?