XSS in Jupyterlab Jupyterlab-git
CVE-2026-54527
JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader() method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filenam…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Jupyterlab Jupyterlab-git — versions >= 0.30.0b3, < 0.54.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_CONFIRM)