6.x series is vulnerable to CVE-2019-10856 #6494

Closed
ist199099 opened this issue Jul 31, 2022 · 1 comment
ist199099 commented Jul 31, 2022

Describe the bug
The 6.x series are vulnerable to CVE-2019-10856.

To Reproduce
Steps to reproduce the behavior:

  1. Set up a notebook server.
  2. Construct a link to exploit CVE-2019-10856 and open it in Chrome.
  3. Enter a valid username and password and log in.

Expected behavior
The server should refuse to show the login page or to redirect to the malicious website.

@ist199099 ist199099 added the bug label Jul 31, 2022
@ist199099 ist199099 changed the title 6.4 series is vulnerable to CVE-2019-10856 6.x series is vulnerable to CVE-2019-10856 Jul 31, 2022
Collaborator

RRosio commented Nov 2, 2022

Hi @ist199099, thank you for submitting this issue! The fix for this issue, #6511, was merged in and is available in the latest release of notebook, 6.5.2. I will close out this issue now, but please feel free to reopen if there is more to address!

@RRosio RRosio closed this as completed Nov 2, 2022
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 3, 2023
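
The expected behavior described in the report, as an added example (not code from the notebook project and not the fix in #6511): a check that accepts a post-login redirect target only when it is a local path under the server's own prefix. The function name `safe_redirect_target`, the `base_url` parameter and the sample URLs are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Control characters and spaces: browsers strip or reinterpret some of these,
# so a value containing them is rejected rather than repaired.
_UNSAFE_CHARS = re.compile(r"[\x00-\x20\x7f]")


def safe_redirect_target(next_url, base_url="/"):
    """Return a same-site path under base_url, or base_url if next_url is unsafe.

    Hypothetical helper for illustration; not notebook's implementation.
    """
    if not next_url or _UNSAFE_CHARS.search(next_url):
        return base_url
    # Browsers treat "\" as "/" in http(s) URLs, so compare the normalised form.
    candidate = next_url.replace("\\", "/")
    # Exactly one leading slash: two or more start a host in the browser,
    # even where urlsplit() reports an empty netloc (e.g. three slashes).
    if not candidate.startswith("/") or candidate.startswith("//"):
        return base_url
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return base_url
    # Defence in depth: a local path has neither scheme nor host.
    if parts.scheme or parts.netloc:
        return base_url
    # Keep the redirect inside the application's own URL prefix.
    if not (parts.path + "/").startswith(base_url):
        return base_url
    return candidate


# Constructed sample values (example.invalid is a reserved, non-resolving name).
SAMPLES = [
    "/tree/work?sort=name",
    "https://example.invalid/",
    "//example.invalid/tree",
    "///example.invalid/tree",
    "/\\example.invalid/tree",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", safe_redirect_target(value))
```

Only the first sample is returned unchanged; every other value falls back to `base_url`, so the login handler never sends the browser off-site.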