JupyterLab
cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*
- <= 4.5.6
JupyterLab prior to version 4.5.7 allows arbitrary command execution through deceptive buttons in HTML cell outputs. The root cause is that JupyterLab's HTML sanitizer lets certain attributes through on button elements, and CommandLinker then acts on those attributes to run JupyterLab commands without checking whether the HTML came from a trusted source. A notebook containing a crafted button can therefore trigger any JupyterLab command, including arbitrary code execution, with a single click from the user, and nothing the user recognises as code is ever submitted for execution.
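As an added example (not code from the advisory or from the JupyterLab project), the following Python script scans an `.ipynb` file for `text/html` outputs whose elements carry CommandLinker data attributes, and produces a copy of the notebook with those attributes stripped, which is the kind of check a practitioner would run over untrusted notebooks before opening them on an unpatched instance. The attribute prefix `data-commandlinker-` is an assumption taken from the JupyterLab apputils source; the advisory does not name the attributes, so adjust the prefix if your build differs. The sample notebook and the command id it references are constructed for the example.

```python
import copy
import html
import json
from html.parser import HTMLParser

# Attribute prefix that JupyterLab's CommandLinker reads from DOM nodes. Assumption
# from the @jupyterlab/apputils source; the advisory does not name the attributes.
COMMAND_LINKER_PREFIX = "data-commandlinker-"


class CommandLinkerScanner(HTMLParser):
    """Record every element in an HTML fragment that carries a CommandLinker attribute."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        linker = {k: v for k, v in attrs if k.startswith(COMMAND_LINKER_PREFIX)}
        if linker:
            self.findings.append((tag, linker))

    handle_startendtag = handle_starttag  # also catch self-closing elements


def scan_html(fragment):
    scanner = CommandLinkerScanner()
    scanner.feed(fragment)
    scanner.close()
    return scanner.findings


class CommandLinkerStripper(HTMLParser):
    """Re-emit an HTML fragment with CommandLinker attributes removed (hardened output)."""

    def __init__(self):
        super().__init__(convert_charrefs=False)  # keep entities exactly as written
        self.out = []

    def _attrs(self, attrs):
        kept = []
        for k, v in attrs:
            if k.startswith(COMMAND_LINKER_PREFIX):
                continue  # the attribute a sanitizer should never have let through
            kept.append(" %s" % k if v is None else ' %s="%s"' % (k, html.escape(v, quote=True)))
        return "".join(kept)

    def handle_starttag(self, tag, attrs):
        self.out.append("<%s%s>" % (tag, self._attrs(attrs)))

    def handle_startendtag(self, tag, attrs):
        self.out.append("<%s%s/>" % (tag, self._attrs(attrs)))

    def handle_endtag(self, tag):
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append("&%s;" % name)

    def handle_charref(self, name):
        self.out.append("&#%s;" % name)


def strip_command_linker_attrs(fragment):
    stripper = CommandLinkerStripper()
    stripper.feed(fragment)
    stripper.close()
    return "".join(stripper.out)


def _html_output_text(output):
    """Return the text/html payload of one nbformat output, or None if there is none."""
    payload = output.get("data", {}).get("text/html")
    if payload is None:
        return None
    return "".join(payload) if isinstance(payload, list) else payload  # nbformat may split lines


def scan_notebook(nb):
    """List (cell_index, tag, attrs) for every CommandLinker attribute in code-cell HTML outputs."""
    findings = []
    for idx, cell in enumerate(nb.get("cells", [])):
        if cell.get("cell_type") != "code":
            continue
        for output in cell.get("outputs", []):
            fragment = _html_output_text(output)
            if fragment is not None:
                findings.extend((idx, tag, attrs) for tag, attrs in scan_html(fragment))
    return findings


def sanitize_notebook(nb):
    """Return a deep copy of the notebook with CommandLinker attributes stripped from HTML outputs."""
    clean = copy.deepcopy(nb)
    for cell in clean.get("cells", []):
        if cell.get("cell_type") != "code":
            continue
        for output in cell.get("outputs", []):
            fragment = _html_output_text(output)
            if fragment is not None:
                output["data"]["text/html"] = strip_command_linker_attrs(fragment)
    return clean


# Constructed sample notebook (not a real captured file): cell 1 carries a button that
# would invoke a JupyterLab command when clicked, cell 2 is benign rich output.
SAMPLE_NOTEBOOK = {
    "nbformat": 4, "nbformat_minor": 5, "metadata": {},
    "cells": [
        {"cell_type": "markdown", "metadata": {}, "source": ["# Quarterly report"]},
        {"cell_type": "code", "execution_count": 1, "metadata": {}, "source": [""],
         "outputs": [{"output_type": "display_data", "metadata": {}, "data": {"text/html": [
             '<button data-commandlinker-command="notebook:run-all-cells" ',
             'data-commandlinker-args="{}">Download results</button>']}}]},
        {"cell_type": "code", "execution_count": 2, "metadata": {}, "source": [""],
         "outputs": [{"output_type": "display_data", "metadata": {},
                      "data": {"text/html": "<b>benign &amp; safe</b>"}}]},
    ],
}

if __name__ == "__main__":
    for idx, tag, attrs in scan_notebook(SAMPLE_NOTEBOOK):
        print("cell %d: <%s> %s" % (idx, tag, json.dumps(attrs)))
    print(json.dumps(sanitize_notebook(SAMPLE_NOTEBOOK)["cells"][1]["outputs"][0]["data"]))
```

To use it on a real file, `json.load` the notebook and pass the dict to `scan_notebook`; treat any finding as a reason not to open the notebook in a JupyterLab older than 4.5.7, since a single click on the rendered element is enough to run the command. Stripping the attributes is a workaround for sharing notebooks with users you cannot upgrade, not a substitute for the fix.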
Successful exploitation gives an attacker arbitrary command execution in JupyterLab, including running arbitrary code in any kernel available to the victim. It also enables file deletion, which can cause significant information loss depending on the server configuration. In multi-tenant Jupyter server deployments, the same mechanism can be used to overwhelm the server and deny service to other users.
Update to JupyterLab version 4.5.7 or later to address this vulnerability. Downstream applications that inherit from JupyterFrontEnd or JupyterLab can disable the CommandLinker by passing a specific option during initialization. The patched version additionally provides a toggle that disables command-linker functionality altogether, which can be set through the overrides.json file.