BIT-jupyterhub-2026-33709

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/jupyterhub/BIT-jupyterhub-2026-33709.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-jupyterhub-2026-33709

Aliases

CVE-2026-33709
GHSA-3vff-hjqv-m7h8

Published

2026-04-08T08:40:42.508Z

Modified

2026-04-08T09:26:10.760194528Z

Summary

JupyterHub has an Open Redirect Vulnerability

Details

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are sent to an arbitrary attacker-controlled site outside JupyterHub instead of a JupyterHub page, bypassing JupyterHub's check to prevent this. This issue has been patched in version 5.4.4.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:jupyter:jupyterhub:*:*:*:*:*:python:*:*"
    ]
}

References

Affected packages

Bitnami / jupyterhub

Package

Name: jupyterhub
Purl: pkg:bitnami/jupyterhub

Severity

5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.4

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/jupyterhub/BIT-jupyterhub-2026-33709.json"