{"api_version":"1","generated_at":"2026-04-27T03:13:33+00:00","cve":"CVE-2019-10255","urls":{"html":"https://cve.report/CVE-2019-10255","api":"https://cve.report/api/cve/CVE-2019-10255.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-10255","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-10255"},"summary":{"title":"CVE-2019-10255","description":"An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-03-28 16:29:00","updated_at":"2023-11-07 03:02:00"},"problem_types":["CWE-601"],"metrics":[],"references":[{"url":"https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb","name":"https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"protect against chrome mishandling backslash as slash in URLs · jupyter/notebook@08c4c89 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D/","name":"FEDORA-2019-a6e1287e76","refsource":"","tags":[],"title":"[SECURITY] Fedora 30 Update: python-notebook-5.7.8-1.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/jupyter/notebook/commit/d65328d4841892b412aef9015165db1eb029a8ed","name":"https://github.com/jupyter/notebook/commit/d65328d4841892b412aef9015165db1eb029a8ed","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"changelog for redirect check · jupyter/notebook@d65328d · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D/","name":"FEDORA-2019-a6e1287e76","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 30 Update: python-notebook-5.7.8-1.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO/","name":"FEDORA-2019-9e67979b2a","refsource":"","tags":[],"title":"[SECURITY] Fedora 29 Update: python-notebook-5.7.8-1.fc29 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/jupyter/notebook/compare/05aa4b2...16cf97c","name":"https://github.com/jupyter/notebook/compare/05aa4b2...16cf97c","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"Comparing 05aa4b2...16cf97c · jupyter/notebook · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4","name":"https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4","refsource":"MISC","tags":["Vendor Advisory"],"title":"Open Redirect Vulnerability in Jupyter, JupyterHub – Jupyter Blog","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b","name":"https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"parse urls when validating redirect targets · jupyter/notebook@70fe9f0 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO/","name":"FEDORA-2019-9e67979b2a","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 29 Update: python-notebook-5.7.8-1.fc29 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-10255","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10255","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"10255","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"jupyter","cpe5":"jupyterhub","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"10255","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"jupyter","cpe5":"jupyterhub","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"10255","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"jupyter","cpe5":"notebook","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"10255","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"jupyter","cpe5":"notebook","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-10255","qid":"198916","title":"Ubuntu Security Notification for Jupyter Notebook Vulnerabilities (USN-5585-1)"},{"cve":"CVE-2019-10255","qid":"980870","title":"Python (pip) Security Update for jupyterhub (GHSA-rv62-4pmj-xw6h)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-10255","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://github.com/jupyter/notebook/commit/d65328d4841892b412aef9015165db1eb029a8ed","refsource":"MISC","name":"https://github.com/jupyter/notebook/commit/d65328d4841892b412aef9015165db1eb029a8ed"},{"url":"https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb","refsource":"MISC","name":"https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb"},{"url":"https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b","refsource":"MISC","name":"https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b"},{"url":"https://github.com/jupyter/notebook/compare/05aa4b2...16cf97c","refsource":"MISC","name":"https://github.com/jupyter/notebook/compare/05aa4b2...16cf97c"},{"url":"https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4","refsource":"MISC","name":"https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4"},{"refsource":"FEDORA","name":"FEDORA-2019-a6e1287e76","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D/"},{"refsource":"FEDORA","name":"FEDORA-2019-9e67979b2a","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO/"}]}},"nvd":{"publishedDate":"2019-03-28 16:29:00","lastModifiedDate":"2023-11-07 03:02:00","problem_types":["CWE-601"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:jupyter:jupyterhub:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:jupyter:notebook:*:*:*:*:*:*:*:*","versionEndExcluding":"5.7.7","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"10255","Ordinal":"148483","Title":"CVE-2019-10255","CVE":"CVE-2019-10255","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"10255","Ordinal":"1","NoteData":"An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"10255","Ordinal":"2","NoteData":"2019-03-28","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"10255","Ordinal":"3","NoteData":"2019-04-11","Type":"Other","Title":"Modified"}]}}}