PYSEC-2020-215

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/notebook/PYSEC-2020-215.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2020-215
Aliases
Published
2020-11-18T22:15:00Z
Modified
2023-12-06T01:00:27.330085Z
Summary
[none]
Details

Jupyter Notebook before version 6.1.5 has an open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected; however, these maliciously crafted links can only reasonably be made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.

References

Affected packages

PyPI / notebook

Package

Affected ranges

Type
GIT
Repo
https://github.com/jupyter/notebook
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
6.1.5

Affected versions

0.*

0.0.0

4.*

4.0.0
4.0.1
4.0.2
4.0.4
4.0.5
4.0.6
4.1.0
4.2.0b1
4.2.0
4.2.1
4.2.2
4.2.3
4.3.0
4.3.1
4.3.2
4.4.0
4.4.1

5.*

5.0.0b1
5.0.0b2
5.0.0rc1
5.0.0rc2
5.0.0
5.1.0rc1
5.1.0rc2
5.1.0rc3
5.1.0
5.2.0rc1
5.2.0
5.2.1rc1
5.2.1
5.2.2
5.3.0rc1
5.3.0
5.3.1
5.4.0
5.4.1
5.5.0rc1
5.5.0
5.6.0rc1
5.6.0
5.7.0
5.7.1
5.7.2
5.7.3
5.7.4
5.7.5
5.7.6
5.7.8
5.7.9
5.7.10
5.7.11
5.7.12
5.7.13
5.7.14a0
5.7.14
5.7.15
5.7.16

6.*

6.0.0rc1
6.0.0
6.0.1
6.0.2
6.0.3
6.1.0rc1
6.1.0
6.1.1
6.1.2
6.1.3
6.1.4