UBUNTU-CVE-2019-9644
Advisory lineage Upstream: 1 Downstream: 1
Upstream
Downstream
Published: 12 Mar 2019, 09:29
Last modified:04 Feb 2026, 03:06
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.4 MEDIUM
3.0 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
12 Mar 2019, 09:29
Published
Vulnerability first disclosed
04 Feb 2026, 03:06
Last Modified
Vulnerability information updated
Description
An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered.
CVSS Metrics
- v3.0•MEDIUM•Score: 5.4CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Systems
- ubuntu•jupyter-notebook
< 5.2.2-1ubuntu0.1
References (7)
- https://ubuntu.com/security/CVE-2019-9644
- https://github.com/jupyter/notebook/commit/cfc335b76466ccf1538ce545b654b29b5ab0097c
- https://github.com/jupyter/notebook/commit/b5105814fc41c6d789b317fa59f786bad7f9d798
- https://github.com/jupyter/notebook/commit/bfaa61385729ed4fb453863053f9a79141f01119
- https://github.com/jupyter/notebook/compare/f3f00df...05aa4b2
- https://ubuntu.com/security/notices/USN-5585-1
- https://www.cve.org/CVERecord?id=CVE-2019-9644