GHSA-4C99-QJ7H-P3VG

Vulnerability from github – Published: 2026-04-21 17:18 – Updated: 2026-04-21 17:18
VLAI?
Summary
nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames
Details

Arbitrary File Write via Path Traversal in Cell Attachment Filenames

Summary

nbconvert allows arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The ExtractAttachmentsPreprocessor passes attachment filenames directly to the filesystem without sanitization, enabling path traversal attacks. This vulnerability provides complete control over both the destination path and file extension.

Impact

This vulnerability allows writing files with arbitrary content to arbitrary filesystem locations, limited only by the permissions of the process running nbconvert. The attacker controls: - Full destination path (via ../ traversal) - Filename - File extension - File content

Patches

  • upgrade to nbconvert v7.17.1

Workarounds

disable ExtractAttachmentsPreprocessor by setting:

c. ExtractAttachmentsPreprocessor.enabled = False
Severity ?
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "nbconvert"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.5.0"
            },
            {
              "fixed": "7.17.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-39377"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-73"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-21T17:18:18Z",
    "nvd_published_at": "2026-04-21T01:16:05Z",
    "severity": "MODERATE"
  },
  "details": "# Arbitrary File Write via Path Traversal in Cell Attachment Filenames\n\n## Summary\n\nnbconvert allows arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The `ExtractAttachmentsPreprocessor` passes attachment filenames directly to the filesystem without sanitization, enabling path traversal attacks. This vulnerability provides complete control over both the destination path and file extension.\n\n\n## Impact\n\nThis vulnerability allows writing files with arbitrary content to arbitrary filesystem locations, limited only by the permissions of the process running nbconvert. The attacker controls:\n- Full destination path (via `../` traversal)\n- Filename\n- File extension\n- File content\n\n## Patches\n\n- upgrade to nbconvert v7.17.1\n\n## Workarounds\n\ndisable ExtractAttachmentsPreprocessor by setting:\n\n```python\nc. ExtractAttachmentsPreprocessor.enabled = False\n```",
  "id": "GHSA-4c99-qj7h-p3vg",
  "modified": "2026-04-21T17:18:18Z",
  "published": "2026-04-21T17:18:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39377"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jupyter/nbconvert"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jupyter/nbconvert/releases/tag/v7.17.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.