CVE-2019-10856

Published: 4 April 2019

In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255.

Notes

Author	Note
ccdm94	ipython does not contain notebook starting on version 4.0.

6.1

Package	Release	Status
ipython Launchpad, Ubuntu, Debian	bionic	Not vulnerable (code not present)
	cosmic	Ignored (end of life)
	disco	Not vulnerable (code not present)
	eoan	Not vulnerable (code not present)
	focal	Not vulnerable (code not present)
	groovy	Not vulnerable (code not present)
	hirsute	Not vulnerable (code not present)
	impish	Not vulnerable (code not present)
	jammy	Not vulnerable (code not present)
	kinetic	Not vulnerable (code not present)
	lunar	Not vulnerable (code not present)
	mantic	Not vulnerable (code not present)
	trusty	Not vulnerable (code not present)
	upstream	Not vulnerable (code not present)
	xenial	Not vulnerable (code not present)
jupyter-notebook Launchpad, Ubuntu, Debian	bionic	Released (5.2.2-1ubuntu0.1)
	cosmic	Ignored (end of life)
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Released (6.0.3-2ubuntu0.1)
	groovy	Ignored (end of life)
	hirsute	Ignored (end of life)
	impish	Ignored (end of life)
	jammy	Released (6.4.8-1ubuntu0.1)
	kinetic	Ignored (end of life, was needed)
	lunar	Ignored (end of life, was needed)
	mantic	Needed
	trusty	Does not exist
	upstream	Not vulnerable (debian: Incomplete fix for CVE-2019-10255 not applied)
	xenial	Does not exist

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.