CVE-2019-9644

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-9644

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9644.json

Aliases

Related

USN-5585-1

Published

2019-03-12T09:29:00Z

Modified

2023-11-29T07:41:52.830657Z

Details

An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered.

References

Affected packages

Git / github.com/jupyter/notebook

Affected ranges

Type: GIT
Repo: https://github.com/jupyter/notebook
Events: Introduced

0The exact introduced commit is unknown

Fixed

05aa4b2cffb55896b53f0a5e50bc9bca405cb29f

Affected versions

4.*

4.0.0

4.0.1

4.1.0

5.*

5.0.0

5.0.0-rc.1

5.0.0b1

5.0.0b2

5.0.0rc2

5.1.0

5.1.0rc1

5.1.0rc2

5.1.0rc3

5.2.0

5.2.0rc1

5.3.0

5.3.0rc1

5.3.1

5.4.0

5.5.0

5.5.0rc1

5.6.0

5.6.0rc1

5.7.0

5.7.1

5.7.2

5.7.3

5.7.4

5.7.5