CVE-2020-26232
Summary
| CVE | CVE-2020-26232 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2020-11-24 21:15:00 UTC |
|---|
| Updated | 2020-12-02 20:21:00 UTC |
|---|
| Description | Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Merge pull request from GHSA-grfj-wjv9-4f9v · jupyter-server/jupyter_server@3d83e49 · GitHub |
MISC |
github.com |
Patch, Third Party Advisory |
| jupyter_server/CHANGELOG.md at master · jupyter-server/jupyter_server · GitHub |
MISC |
github.com |
Release Notes, Third Party Advisory |
| Open redirect vulnerability · Advisory · jupyter-server/jupyter_server · GitHub |
CONFIRM |
github.com |
Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 983220 Python (pip) Security Update for jupyter-server (GHSA-grfj-wjv9-4f9v)
