Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oaHg4LWNyNTUtcWN4eM4AATot
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered.
Permalink: https://github.com/advisories/GHSA-hhx8-cr55-qcxx
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oaHg4LWNyNTUtcWN4eM4AATot
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
CVSS Score: 5.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Identifiers: GHSA-hhx8-cr55-qcxx, CVE-2019-9644
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-9644
- https://github.com/jupyter/notebook/compare/f3f00df...05aa4b2
- https://lists.fedoraproject.org/archives/list/[email protected]/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO/
- https://github.com/advisories/GHSA-hhx8-cr55-qcxx
Blast Radius: 2.6
Affected Packages
pypi:jupyter-notebook
Dependent packages: 0
Dependent repositories: 3
Downloads: last month
Affected Version Ranges: <= 5.7.5
Fixed in: 5.7.6
All affected versions:
All unaffected versions: