[Python-modules-team] Bug#924515: jupyter-notebook: CVE-2019-9644
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 13 20:42:08 GMT 2019
Source: jupyter-notebook
Version: 5.7.4-2
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for jupyter-notebook.
CVE-2019-9644[0]:
| An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before
| 5.7.6 allows inclusion of resources on malicious pages when visited by
| users who are authenticated with a Jupyter server. Access to the
| content of resources has been demonstrated with Internet Explorer
| through capturing of error messages, though not reproduced with other
| browsers. This occurs because Internet Explorer's error messages can
| include the content of any invalid JavaScript that was encountered.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-9644
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9644
[1] https://github.com/jupyter/notebook/compare/f3f00df...05aa4b2
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Python-modules-team
mailing list