PYSEC-2020-234

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/jupyter-server/PYSEC-2020-234.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2020-234

Aliases

Published

2020-11-24T21:15:00Z

Modified

2023-11-08T04:03:15.400330Z

Summary

[none]

Details

Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet.

References

Affected packages

PyPI / jupyter-server

Package

Name: jupyter-server; View open source insights on deps.dev
Purl: pkg:pypi/jupyter-server

Affected ranges

Type: GIT
Repo: https://github.com/jupyter-server/jupyter_server
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3d83e49090289c431da253e2bdb8dc479cbcb157

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.6

Affected versions

0.*

0.0.0

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.1.0

0.1.1

0.2.0

0.2.1

0.3.0

1.*

1.0.0rc0

1.0.0rc1

1.0.0rc2

1.0.0rc3

1.0.0rc4

1.0.0rc5

1.0.0rc6

1.0.0rc7

1.0.0rc8

1.0.0rc9

1.0.0rc10

1.0.0rc11

1.0.0rc12

1.0.0rc13

1.0.0rc14

1.0.0rc15

1.0.0rc16

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5