Description
jupyter-server is the backend for Jupyter web applications. It is affected by an open redirect vulnerability: maliciously crafted login links to known Jupyter Servers can cause a successful login, or an already logged-in session, to be redirected to arbitrary sites. Such redirects should be restricted to URLs served by Jupyter Server. This issue has been addressed in commit `29036259`, which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
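The restriction described above (post-login redirects limited to server-served URLs) can be checked as in the following added example. It is not jupyter-server's code and not the fix from commit `29036259`; the function name `safe_login_redirect`, its `base_url` parameter and all sample URLs are assumptions constructed for illustration.

```python
"""Added illustration: restrict a post-login redirect to server-served paths."""
import posixpath
from urllib.parse import unquote, urlsplit


def safe_login_redirect(next_url: str, base_url: str = "/") -> str:
    """Return next_url if it stays under base_url on this origin, else base_url.

    Hypothetical helper; base_url is the path prefix the server is mounted on.
    """
    if not next_url:
        return base_url
    # Browsers treat "\" as "/" in http(s) URLs, so normalise before checking.
    candidate = next_url.replace("\\", "/")
    # Browsers strip tabs, newlines and leading spaces; refuse them outright.
    if any(ord(ch) < 0x21 for ch in candidate):
        return base_url
    # Only origin-relative paths are allowed: one leading "/", never "//",
    # which a browser resolves as a scheme-relative URL to another host.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return base_url
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return base_url
    # Resolve dot segments on the decoded path, then require the base prefix.
    path = posixpath.normpath(unquote(parts.path))
    prefix = base_url.rstrip("/") + "/"
    if not (path + "/").startswith(prefix):
        return base_url
    return candidate


if __name__ == "__main__":
    # Constructed sample values for a server mounted at /jupyter/.
    samples = [
        "/jupyter/lab/tree/nb.ipynb?x=1",
        "https://example.org/",
        "//example.org/lab",
        "/\\example.org",
        "/jupyter/../admin",
    ]
    for sample in samples:
        print(repr(sample), "->", safe_login_redirect(sample, "/jupyter/"))
```
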
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database||SUSE|
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE Tumbleweed | | Patchnames: openSUSE Tumbleweed GA python310-jupyter-server-2.7.3-1.1 |
SUSE Timeline for this CVE
CVE page created: Tue Aug 29 00:02:17 2023
CVE page last modified: Sat Nov 18 00:35:31 2023