Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2019-10856

Published: 4 April 2019

In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255.

Notes

AuthorNote
ccdm94
ipython does not contain notebook starting on version
4.0.

Priority

Medium

Cvss 3 Severity Score

6.1

Score breakdown

Status

Package Release Status
ipython
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
cosmic Ignored
(reached end-of-life)
disco Not vulnerable
(code not present)
eoan Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
groovy Not vulnerable
(code not present)
hirsute Not vulnerable
(code not present)
impish Not vulnerable
(code not present)
jammy Not vulnerable
(code not present)
kinetic Not vulnerable
(code not present)
precise Does not exist

trusty Not vulnerable
(code not present)
upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
jupyter-notebook
Launchpad, Ubuntu, Debian
bionic
Released (5.2.2-1ubuntu0.1)
cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal
Released (6.0.3-2ubuntu0.1)
groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy
Released (6.4.8-1ubuntu0.1)
kinetic Needed

precise Does not exist

trusty Does not exist

upstream Not vulnerable
(debian: Incomplete fix for CVE-2019-10255 not applied)
xenial Does not exist

Severity score breakdown

Parameter Value
Base score 6.1
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Changed
Confidentiality Low
Integrity impact Low
Availability impact None
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N