Published: 12/03/2019 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.4 | Impact Score: 2.5 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook prior to 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jupyter notebook

Several security issues were fixed in Jupyter Notebook ...

Debian Bug report logs - #924515 jupyter-notebook: CVE-2019-9644 Package: src:jupyter-notebook; Maintainer for src:jupyter-notebook is Debian Python Modules Team <python-modules-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 13 Mar 2019 20:45:01 UTC Severity: important ...

Debian Bug report logs - #925939 jupyter-notebook: CVE-2019-10255: open redirect vulnerability Package: src:jupyter-notebook; Maintainer for src:jupyter-notebook is Debian Python Modules Team <python-modules-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 28 Mar 2019 21: ...

CWE-79 https://github.com/jupyter/notebook/compare/f3f00df...05aa4b2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO/https://ubuntu.com/security/notices/USN-5585-1 https://nvd.nist.gov

CVE-2019-9644

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect