Uncontrolled Search Path Element in nbconvert

Summary

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. All versions of nbconvert on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output to a PDF on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. As of time of publication, no known patches exist.