{"schema_version":"1.7.2","id":"OESA-2026-2195","modified":"2026-05-03T09:58:08Z","published":"2026-05-03T09:58:08Z","upstream":["CVE-2026-39377","CVE-2026-39378"],"summary":"python-nbconvert security update","details":"The nbconvert tool, jupyter nbconvert, converts notebooks to various other  formats via Jinja templates. The nbconvert tool allows you to convert an  .ipynb notebook file into various static formats including HTML, LaTeX,  PDF, Reveal JS, Markdown (md), ReStructured Text (rst) and executable script.\r\n\r\nSecurity Fix(es):\n\nThe nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The `ExtractAttachmentsPreprocessor` passes attachment filenames directly to the filesystem without sanitization, enabling path traversal attacks. This vulnerability provides complete control over both the destination path and file extension. Version 7.17.1 contains a patch.(CVE-2026-39377)\n\nThe nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook can exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML. nbconvert 7.17.1 contains a fix. As a workaround, do not enable `HTMLExporter.embed_images`; it is not enabled by default.(CVE-2026-39378)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"python-nbconvert","purl":"pkg:rpm/openEuler/python-nbconvert&distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.17.1-1.oe2403"}]}],"ecosystem_specific":{"noarch":["python3-nbconvert-7.17.1-1.oe2403.noarch.rpm"],"src":["python-nbconvert-7.17.1-1.oe2403.src.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2195"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39377"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39378"}],"database_specific":{"severity":"Medium"}}