GHSA-vmhf-c436-hxj4MediumDisclosed before NVD

JupyterLab: Stored XSS in extension manager through package metadata unsanitized URI protocol

Published
June 19, 2026
Last Modified
June 19, 2026

📋 Description

A malicious PyPI package can place a javascript: URL in its [project.urls] metadata. JupyterLab's Extension Manager renders this as the extension's home-page link without validating the protocol, so a user who clicks the extension name executes attacker-controlled JavaScript in the JupyterLab origin.

Details

One of the PyPI package's URL (jupyterlab/extensions/pypi.py) is copied straight into the homepage_url rendered by the frontend in packages/extensionmanager/src/widget.tsx#L77-L88.

best_guess_home_url = (
    homepage_url            # home_page / [project.urls] Homepage
    or data.get("project_url")
    or data.get("package_url")
    or documentation_url    # docs_url / [project.urls] Documentation
    or source_url           # [project.urls] Source Code
    or bug_tracker_url      # bugtrack_url / [project.urls] Bug Tracker
)

# homepage_url=best_guess_home_url
{entry.homepage_url ? (
  <a href={entry.homepage_url} target="_blank" rel="noopener noreferrer" ...>
    {entry.name}
  </a>
) : ( <div>{entry.name}</div> )}

Impact

An attacker needs to publish a package to PyPI (no access to the target). When the package appears in a victim's extension manager list and the victim clicks the extension name, the payload runs in the JupyterLab origin.

Preconditions: Extension Manager enabled with the default PyPI source, the malicious package appears in the victim's list/search results.

Patches

Patched in 4.5.9, commits 4e61e07 and d5d961f

🎯 Affected products1

  • pip/jupyterlab:<= 4.5.8

🔗 References (5)