CVE-2019-10856
Aliases:GHSA-rcx2-m7jp-p9wjPYSEC-2019-158
Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 04 Apr 2019, 15:48
Last modified:04 Aug 2024, 22:32
Vulnerability Summary
Overall Risk (default)
medium
34/100 CVSS Score
6.1 MEDIUM
v3.0 (nvd)
EPSS Score
0.17% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
04 Apr 2019, 15:48
Published
Vulnerability first disclosed
04 Aug 2024, 22:32
Last Modified
Vulnerability information updated
Description
In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255.
CVSS Metrics
- v4.0•MEDIUM•Score: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
- v3.0•MEDIUM•Score: 6.1CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- v2.0•MEDIUM•Score: 5.8AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS Trends
Current EPSS score: 0.17%• Percentile: 38%
Techniques & Countermeasures
- CWE-601•URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Affected Systems
- jupyter•notebook
< 5.7.8
- PyPI•notebook
< 5.7.8
References (7)
- https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
- https://github.com/jupyter/notebook/compare/16cf97c...b8e30ea
- https://nvd.nist.gov/vuln/detail/CVE-2019-10856
- https://github.com/jupyter/notebook/commit/979e0bd15e794ceb00cc63737fcd5fd9addc4a99
- https://github.com/jupyter/notebook
- https://github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2019-158.yaml
- https://github.com/advisories/GHSA-rcx2-m7jp-p9wj