9 matches found
GHSA-64X5-55RW-9974 cross-site inclusion (XSSI) of files in jupyter-server
Impact Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". Patches Jupyter Server 2.7.2 Workarounds Use lower performance...
Mageia: Security Advisory (MGASA-2022-0323)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5585-1: Jupyter Notebook vulnerabilities
It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting XSS attacks on the notebook server. This issue only affected Ubuntu 18.04 LTS. CVE-2018-19351 It...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Jupyter Notebook vulnerabilities (USN-5585-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5585-1 advisory. It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack ...
arpes (>=1.0.0 <=2.2.0), convert-and-download (>=0.1.3 <=0.2.4) +24 more potentially affected by CVE-2019-9644 via notebook (>=4.2.3 <=5.7.5)
notebook PYPI version =4.2.3, =1.0.0, =0.1.3, =1.0.0b1, =0.0.2, =1.31.7.dev0, =0.1.1.10, =0.2.1, =0.1.6.2, =0.1.2, =0.1.0, =0.5.0, =1.0.1, =0.1.1, =1.0.1 - marvin-python-toolbox =0.0.4 and more Source cves: CVE-2019-9644 Source advisory: OSV:GHSA-HHX8-CR55-QCXX...
Security Bulletin: Jupyter vulnerabilities affect IBM Spectrum Conductor 2.3 and IBM Spectrum Conductor with Spark 2.2.1
Summary There are multiple vulnerabilities in the Jupyter notebook used by IBM Spectrum Conductor with Spark 2.2.1 and IBM Spectrum Conductor 2.3.0. IBM Spectrum Conductor has addressed the applicable CVEs. Vulnerability Details CVE-ID: CVE-2019-9644 Description: Jupyter Notebook could allow a...
Fedora 30 : python-notebook (2019-a6e1287e76)
Security fix for CVE-2019-10255, CVE-2019-9644. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...
Fedora 29 : python-notebook (2019-9e67979b2a)
Security fix for CVE-2019-10255, CVE-2019-9644. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...
CVE-2019-9644
Jupyter Notebook before 5.7.6 is affected by an XSSI vulnerability that allows inclusion of resources on malicious pages when users are authenticated to a Jupyter server. The issue arises from improper handling of cross-site script inclusion and can lead to exposure of resource contents (notably ...