Fluid Attacks Database

Description

Open Redirect vulnerability in jupyterhub and notebook An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.8 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.6 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	jupyterhub	>=0 <0.9.6	0.9.6
pypi	notebook	>=0 <5.7.8	5.7.8
debian 14	jupyter-notebook	>=0 <5.7.8-1	5.7.8-1
debian 11	jupyter-notebook	>=0 <5.7.8-1	5.7.8-1
pypi	jupyter	>=0 <0.9.5	1.0.0
debian 12	jupyter-notebook	>=0 <5.7.8-1	5.7.8-1
debian 13	jupyter-notebook	>=0 <5.7.8-1	5.7.8-1

Aliases

1. CVE-2019-102552. NVD-2019-102553. OSV-2019-102554. OSV-DEBIAN-2019-102555. GHSA-rv62-4pmj-xw6h6. GCVE-2019-102557. SECURITY-TRACKER-CVE-2019-10255

References

1. https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb2. https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b3. https://github.com/jupyter/notebook/commit/d65328d4841892b412aef9015165db1eb029a8ed4. https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e45. https://github.com/jupyter/notebook/compare/05aa4b2...16cf97c6. https://lists.fedoraproject.org/archives/list/[email protected]/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D7. https://lists.fedoraproject.org/archives/list/[email protected]/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO