Jupyter Notebook open redirect vulnerability · CVE-2019-10856 · GitHub Advisory Database · GitHub

Jupyter Notebook open redirect vulnerability

Moderate severity GitHub Reviewed Published Apr 9, 2019 to the GitHub Advisory Database • Updated Sep 26, 2024

Package

notebook (pip)

Affected versions

< 5.7.8

Patched versions

5.7.8

Description

In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255.

References

Published to the GitHub Advisory Database Apr 9, 2019

Reviewed Jun 16, 2020

Last updated Sep 26, 2024

Severity

Moderate

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity Low

Attack Requirements None

Privileges Required None

User interaction Passive

Vulnerable System Impact Metrics

Confidentiality None

Integrity None

Availability None

Subsequent System Impact Metrics

Confidentiality Low

Integrity Low

Availability None

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N