Vulnerability Description
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jupyter | Notebook | < 6.1.5 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314PatchThird Party Advisory
- https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqhThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/12/msg00004.htmlThird Party Advisory
- https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314PatchThird Party Advisory
- https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqhThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/12/msg00004.htmlThird Party Advisory
FAQ
What is CVE-2020-26215?
CVE-2020-26215 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are te...
How severe is CVE-2020-26215?
CVE-2020-26215 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-26215?
Check the references section above for vendor advisories and patch information. Affected products include: Jupyter Notebook, Debian Debian Linux.