CVE-2020-26215

Published: 18 November 2020

Jupyter Notebook before version 6.1.5 has an open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected; however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package: jupyter-notebook (Launchpad, Ubuntu, Debian)

Release     Status
bionic      Released (5.2.2-1ubuntu0.1)
focal       Released (6.0.3-2ubuntu0.1)
groovy      Ignored (reached end-of-life)
hirsute     Not vulnerable (6.1.5-1ubuntu1)
impish      Not vulnerable (6.1.5-1ubuntu1)
jammy       Not vulnerable (6.1.5-1ubuntu1)
precise     Does not exist
trusty      Does not exist
upstream    Released (4.2.3-4+deb9u2, 6.1.5-1)
xenial      Does not exist

Patches:
upstream: https://github.com/jupyter/notebook/commit/2e1c56b0c4a903606d4a2eb13e32409296b9799d
upstream: https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74