QwikSec

Security Database

CVE

CWE

Training

CVE-2019-10255

Published: Mar 28, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/jupyter/notebook/commit/d65328d4841892b412aef9015165db1eb029a8ed

x_refsource_MISC

https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb

x_refsource_MISC

https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b

x_refsource_MISC

https://github.com/jupyter/notebook/compare/05aa4b2...16cf97c

x_refsource_MISC

https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4

x_refsource_MISC

FEDORA-2019-a6e1287e76

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-9e67979b2a

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.