Lfnovo: >> Open-Notebook >> 1.8.3 Security Vulnerabilities
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.
CVSS Score
7.0
EPSS Score
0.001
Published
2026-05-07
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal.
CVSS Score
8.2
EPSS Score
0.001
Published
2026-05-07
Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.
CVSS Score
9.2
EPSS Score
0.001
Published
2026-05-07