CVE-2019-10856

Published: 4 April 2019

In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255.

Notes

Author	Note
ccdm94	ipython does not contain notebook starting on version 4.0.

6.1

Package	Release	Status
ipython Launchpad, Ubuntu, Debian	impish	Not vulnerable (code not present)
	groovy	Not vulnerable (code not present)
	hirsute	Not vulnerable (code not present)
	jammy	Not vulnerable (code not present)
	kinetic	Not vulnerable (code not present)
	lunar	Not vulnerable (code not present)
	bionic	Not vulnerable (code not present)
	cosmic	Ignored (end of life)
	disco	Not vulnerable (code not present)
	eoan	Not vulnerable (code not present)
	focal	Not vulnerable (code not present)
	trusty	Not vulnerable (code not present)
	upstream	Not vulnerable (code not present)
	xenial	Not vulnerable (code not present)
jupyter-notebook Launchpad, Ubuntu, Debian	hirsute	Ignored (end of life)
	groovy	Ignored (end of life)
	kinetic	Ignored (end of life, was needed)
	impish	Ignored (end of life)
	lunar	Needed
	bionic	Released (5.2.2-1ubuntu0.1)
	cosmic	Ignored (end of life)
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Released (6.0.3-2ubuntu0.1)
	jammy	Released (6.4.8-1ubuntu0.1)
	trusty	Does not exist
	upstream	Not vulnerable (debian: Incomplete fix for CVE-2019-10255 not applied)
	xenial	Does not exist

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.