CVE-2023-51277 - Jupyter Notebook Viewer - version 0.1.5 - Command Execution
Affected Version
Jupyter Notebook Viewer - version 0.1.5
Description
The Jupyter Notebook Viewer application for macOS shipped with an unsafe entitlement, com.apple.security.get-task-allow, which allowed a maliciously crafted piece of code to take over the application's process. This allowed code execution on the machine via the unsafe entitlement.
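A release check for the entitlement described above, as an added example that is not part of the original advisory or the project's code. It goes beyond the page by also flagging two related hardened-runtime entitlements; the sample plist is constructed, and the `codesign` call assumes a macOS host.

```python
import plistlib
import subprocess
import sys

# Entitlements that weaken process isolation when left in a shipped build.
RISKY = {
    "com.apple.security.get-task-allow":
        "other processes can obtain the app's task port and control it",
    "com.apple.security.cs.disable-library-validation":
        "libraries signed by other teams can be loaded",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "DYLD_* environment variables are honoured",
}

# Constructed sample: entitlements of a hypothetical build signed for debugging.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key><true/>
    <key>com.apple.security.get-task-allow</key><true/>
</dict>
</plist>"""


def read_entitlements(path):
    """Dump the entitlements embedded in a signed app or binary (macOS only)."""
    # Older macOS releases take "--entitlements :-" instead of "--xml".
    cmd = ["codesign", "-d", "--entitlements", "-", "--xml", path]
    return subprocess.run(cmd, capture_output=True, check=True).stdout


def risky_entitlements(plist_bytes):
    """Return the risky entitlement keys that are set to true."""
    data = plist_bytes.strip()
    if not data:
        return []  # unsigned code, or a signature with no entitlements
    ents = plistlib.loads(data)
    # Only a boolean true grants the entitlement; <false/> is harmless.
    return sorted(key for key in RISKY if ents.get(key) is True)


if __name__ == "__main__":
    raw = read_entitlements(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    found = risky_entitlements(raw)
    for key in found:
        print(f"RISKY {key}: {RISKY[key]}")
    sys.exit(1 if found else 0)
```

Run with the path to a signed .app bundle as the only argument; a non-zero exit status makes it usable as a gate in a release pipeline.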
Proof of Concept
Contact Timeline
December 15, 2023 - Contact made with developer
December 15, 2023 - Fix made
December 22, 2023 - CVE published