PYSEC-2020-215

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/notebook/PYSEC-2020-215.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2020-215

Aliases

Published

2020-11-18T22:15:00Z

Modified

2023-12-06T00:45:26.339506Z

Summary

[none]

Details

Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.

References

Affected packages

PyPI / notebook

Package

Name: notebook; View open source insights on deps.dev
Purl: pkg:pypi/notebook

Affected ranges

Type: GIT
Repo: https://github.com/jupyter/notebook
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3cec4bbe21756de9f0c4bccf18cf61d840314d74

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.5

Affected versions

0.*

0.0.0

4.*

4.0.0

4.0.1

4.0.2

4.0.4

4.0.5

4.0.6

4.1.0

4.2.0b1

4.2.0

4.2.1

4.2.2

4.2.3

4.3.0

4.3.1

4.3.2

4.4.0

4.4.1

5.*

5.0.0b1

5.0.0b2

5.0.0rc1

5.0.0rc2

5.0.0

5.1.0rc1

5.1.0rc2

5.1.0rc3

5.1.0

5.2.0rc1

5.2.0

5.2.1rc1

5.2.1

5.2.2

5.3.0rc1

5.3.0

5.3.1

5.4.0

5.4.1

5.5.0rc1

5.5.0

5.6.0rc1

5.6.0

5.7.0

5.7.1

5.7.2

5.7.3

5.7.4

5.7.5

5.7.6

5.7.8

5.7.9

5.7.10

5.7.11

5.7.12

5.7.13

5.7.14a0

5.7.14

5.7.15

5.7.16

6.*

6.0.0rc1

6.0.0

6.0.1

6.0.2

6.0.3

6.1.0rc1

6.1.0

6.1.1

6.1.2

6.1.3

6.1.4