CVE-2019-10255 – notebook

Package

Manager: pip
Name: notebook
Vulnerable Version: >=0 <5.7.8

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00596 pctl0.68405

Details

Open Redirect vulnerability in jupyterhub and notebook An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.8 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.6 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.

Metadata

Created: 2019-04-02T15:46:54Z
Modified: 2023-09-05T12:34:54Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-rv62-4pmj-xw6h/GHSA-rv62-4pmj-xw6h.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-rv62-4pmj-xw6h
Finding: F156
Auto approve: 1