CVE-2026-33587

Open Notebook · Open Notebook

A Server-Side Template Injection (SSTI) vulnerability in Open Notebook v1.8.3 allows authenticated users to execute arbitrary Python code and OS commands within the Docker container.

Executive summary

A critical Server-Side Template Injection vulnerability in Open Notebook allows attackers to achieve arbitrary code execution within the container environment.

Vulnerability

The application fails to sanitize user-provided input during transformations, resulting in SSTI. An authenticated user can leverage this flaw to execute arbitrary Python code, leading to full OS command execution within the Docker container that hosts the application.

Business impact

The ability to execute arbitrary commands at the container level poses a severe risk to data confidentiality, integrity, and availability. With a CVSS score of 10.0, this vulnerability represents the highest level of risk, potentially allowing an attacker to pivot into the internal network, steal sensitive data, or compromise the integrity of the application environment.

Remediation

Immediate Action: Update Open Notebook to the latest available version provided by the vendor to remediate the input sanitization flaw.

Proactive Monitoring: Review application logs for suspicious transformation requests and monitor for anomalous process spawning within the container.

Compensating Controls: Implement strict network segmentation for the Docker container and utilize security tools to restrict execution permissions for the application user.
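The log review suggested under Proactive Monitoring, as an added example that is not Open Notebook's code: it scans constructed JSON request-log lines for template delimiters in bodies sent to a transformation endpoint and grades each hit. The log shape, field names and endpoint path are assumptions, and the heuristic assumes a Jinja-style template engine, which the advisory does not name.

```python
"""Review transformation request logs for template syntax (heuristic for the Open
Notebook SSTI advisory). Added example, not project code; log shape, field names
and sample lines are constructed assumptions."""
import json
import re

# Jinja-style delimiters; free text sent to a transformation endpoint should
# not normally contain them, so any match deserves an analyst's look.
TEMPLATE_SYNTAX = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.DOTALL)
# Tokens rare in notebook prose but typical of attempts to reach Python
# internals from a template expression (expect some false positives).
HIGH_RISK_TOKENS = ("__", "import", "subprocess", "popen", "system")


def classify(body):
    """Return (severity, matched expressions) for one request body."""
    exprs = TEMPLATE_SYNTAX.findall(body)
    if not exprs:
        return "none", []
    joined = " ".join(exprs).lower()
    if any(tok in joined for tok in HIGH_RISK_TOKENS):
        return "high", exprs
    return "medium", exprs


def review_log(lines):
    """Return (line_no, user, severity, expressions) for flagged transformation requests."""
    findings = []
    for no, raw in enumerate(lines, 1):
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed line: not part of this check
        if "transform" not in rec.get("path", ""):
            continue  # only the transformation feature is in scope
        sev, exprs = classify(rec.get("body", ""))
        if sev != "none":
            findings.append((no, rec.get("user", "?"), sev, exprs))
    return findings


SAMPLE_LOG = [  # constructed sample lines, not real Open Notebook logs
    '{"user":"alice","path":"/api/transformations","body":"Summarise this note"}',
    '{"user":"bob","path":"/api/transformations","body":"Rewrite as {{ tone }} prose"}',
    '{"user":"mallory","path":"/api/transformations","body":"{{ note.__doc__ }}"}',
    '{"user":"carol","path":"/api/notes","body":"{{ outside scope }}"}',
]

if __name__ == "__main__":
    for no, user, sev, exprs in review_log(SAMPLE_LOG):
        print(f"line {no}: {user} severity={sev} {exprs}")
```

Requests whose path is not a transformation endpoint are left for other checks; a medium finding is a candidate for review, a high one for immediate follow-up on the container's process activity.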

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the critical CVSS 10.0 severity, this vulnerability must be treated as a top priority. Organizations using Open Notebook v1.8.3 should apply the necessary patches immediately to prevent unauthorized code execution and mitigate the risk of a full container compromise.