Fluid Attacks Database

Description

Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	jupyter-notebook	>=0 <6.1.5-1	6.1.5-1
debian 11	jupyter-notebook	>=0 <6.1.5-1	6.1.5-1
debian 12	jupyter-notebook	>=0 <6.1.5-1	6.1.5-1
debian 14	jupyter-notebook	>=0 <6.1.5-1	6.1.5-1
pypi	notebook	>=0 <6.1.5	6.1.5

Aliases

1. CVE-2020-262152. NVD-2020-262153. OSV-DEBIAN-2020-262154. OSV-2020-262155. GHSA-c7vm-f5p4-8fqh6. GCVE-2020-262157. SECURITY-TRACKER-CVE-2020-262158. lists.debian.org

References

1. https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh2. https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d743. https://github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2020-215.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.