CVE-2019-10255

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-10255

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10255.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10255

Aliases

GHSA-rv62-4pmj-xw6h

Downstream

DEBIAN-CVE-2019-10255

UBUNTU-CVE-2019-10255

USN-5585-1

openSUSE-SU-2024:11242-1

Related

Published

2019-03-28T16:29:00Z

Modified

2025-10-10T01:34:43.432084Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.

References

Affected packages

Git / github.com/jupyter/notebook

Affected ranges

Type: GIT
Repo: https://github.com/jupyter/notebook
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

08c4c898182edbe97aadef1815cce50448f975cb

Fixed

70fe9f0ddb3023162ece21fbb77d5564306b913b

Fixed

d65328d4841892b412aef9015165db1eb029a8ed

Type: GIT
Repo: https://github.com/jupyterhub/jupyterhub
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6a4900c46813079e5792fc5b38d1ca8ba681e318

Affected versions

0.*

0.1.0

0.2.0

0.3.0

0.4.0

0.4.1

0.5.0

0.6.0

0.6.1

0.7.0

0.7.1

0.7.2

0.8.0

0.8.0b1

0.8.0b2

0.8.0b3

0.8.0b4

0.8.0b5

0.8.0rc1

0.8.0rc2

0.8.1

0.9.0

0.9.0b1

0.9.0b2

0.9.0b3

0.9.0rc1

0.9.1

0.9.2

0.9.3

0.9.4

4.*

4.0.0

4.0.1

4.1.0

5.*

5.0.0

5.0.0-rc.1

5.0.0b1

5.0.0b2

5.0.0rc2

5.1.0

5.1.0rc1

5.1.0rc2

5.1.0rc3

5.2.0

5.2.0rc1

5.3.0

5.3.0rc1

5.3.1

5.4.0

5.5.0

5.5.0rc1

5.6.0

5.6.0rc1

5.7.0

5.7.1

5.7.2

5.7.3

5.7.4

5.7.5

5.7.6