CVE-2020-26215
Summary
| CVE | CVE-2020-26215 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2020-11-18 22:15:00 UTC |
|---|
| Updated | 2020-12-03 15:59:00 UTC |
|---|
| Description | Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] [DLA 2477-1] jupyter-notebook security update |
MLIST |
lists.debian.org |
Third Party Advisory |
| Merge pull request from GHSA-c7vm-f5p4-8fqh · jupyter/notebook@3cec4bb · GitHub |
MISC |
github.com |
Patch, Third Party Advisory |
| Open redirect vulnerability · Advisory · jupyter/notebook · GitHub |
CONFIRM |
github.com |
Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 198916 Ubuntu Security Notification for Jupyter Notebook Vulnerabilities (USN-5585-1)
- 376124 Jupyter Notebook Open Redirect Vulnerability
- 750426 OpenSUSE Security Update for python-jupyter_notebook (openSUSE-SU-2021:0078-1)
- 750447 OpenSUSE Security Update for python-notebook (openSUSE-SU-2021:0024-1)
- 983218 Python (pip) Security Update for notebook (GHSA-c7vm-f5p4-8fqh)
