Jupyter Notebook before version 6.1.5 has an open redirect vulnerability. A
maliciously crafted link to a notebook server could redirect the browser to
a different website. All notebook servers are technically affected;
however, these maliciously crafted links can only be reasonably made for
known notebook server hosts. A link to your notebook server may appear
safe, but ultimately redirect to a spoofed server on the public internet.
The issue is patched in version 6.1.5.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | jupyter-notebook | < 5.2.2-1ubuntu0.1 | UNKNOWN |
ubuntu | 20.04 | noarch | jupyter-notebook | < 6.0.3-2ubuntu0.1 | UNKNOWN |

github.com/jupyter/notebook/commit/2e1c56b0c4a903606d4a2eb13e32409296b9799d
github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74
github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh
launchpad.net/bugs/cve/CVE-2020-26215
nvd.nist.gov/vuln/detail/CVE-2020-26215
security-tracker.debian.org/tracker/CVE-2020-26215
ubuntu.com/security/notices/USN-5585-1
www.cve.org/CVERecord?id=CVE-2020-26215