CVE-2019-10856 — Open Redirect in Notebook

CWE-601 — Open Redirect11 documents8 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 62.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jupyter Notebook

Timeline

PublishedApr 4

Latest updateAug 30

Description

In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDjupyter/notebook< 5.7.8

▶PyPIjupyter/notebook< 5.7.8

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

jupyter-notebook vulnerabilities↗2022-08-30

▶

OSV

Jupyter Notebook open redirect vulnerability↗2019-04-09

▶

GHSA

Jupyter Notebook open redirect vulnerability↗2019-04-09

▶

CVEList

CVE-2019-10856: In Jupyter Notebook before 5↗2019-04-04

▶

OSV

CVE-2019-10856: In Jupyter Notebook before 5↗2019-04-04

▶

📋Vendor Advisories

Ubuntu

Jupyter Notebook vulnerabilities↗2022-08-30

▶

Debian

CVE-2019-10856: jupyter-notebook - In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc...↗2019

▶

📄Research Papers

arXiv

Threat Assessment in Machine Learning based Systems↗2022-06-30

▶

💬Community

Bugzilla

CVE-2019-10856 python-notebook: open redirect vulnerability by an empty netloc↗2019-04-05

▶

Bugzilla

CVE-2019-10856 python-notebook: open redirect vulnerability by an empty netloc [fedora-all]↗2019-04-05

▶