[Python-modules-team] Bug#925939: jupyter-notebook: CVE-2019-10255: open redirect vulnerability
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 28 21:54:17 GMT 2019
Source: jupyter-notebook
Version: 5.7.4-2
Severity: important
Tags: patch security upstream
Hi,
The following vulnerability was published for jupyter-notebook.
CVE-2019-10255[0]:
| An Open Redirect vulnerability for all browsers in Jupyter Notebook
| before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before
| 0.9.5 allows crafted links to the login page, which will redirect to a
| malicious site after successful login. Servers running on a base_url
| prefix are not affected.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-10255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10255
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Python-modules-team
mailing list