[Python-modules-team] Bug#925939: jupyter-notebook: CVE-2019-10255: open redirect vulnerability
carnil at debian.org
Thu Apr 4 21:58:56 BST 2019
On Thu, Mar 28, 2019 at 10:54:17PM +0100, Salvatore Bonaccorso wrote:
> Source: jupyter-notebook
> Version: 5.7.4-2
> Severity: important
> Tags: patch security upstream
> The following vulnerability was published for jupyter-notebook.
> | An Open Redirect vulnerability for all browsers in Jupyter Notebook
> | before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before
> | 0.9.5 allows crafted links to the login page, which will redirect to a
> | malicious site after successful login. Servers running on a base_url
> | prefix are not affected.
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> For further information see:
>  https://security-tracker.debian.org/tracker/CVE-2019-10255
> Please adjust the affected versions in the BTS as needed.
When fixing this issue actually make sure that not only the incomplete
fix is applied, cf.
(addressed in 5.7.8).