CVE-2020-26275: URL Redirection to Untrusted Site ('Open Redirect')
(updated )
The Jupyter Server provides the backend (i.If upgrade is not available, a workaround can be to run your server on a url prefix: “jupyter server –ServerApp.base_url=/jupyter/”.
References
- advisory.checkmarx.net/advisory/CX-2020-4291
- github.com/advisories/GHSA-9f66-54xg-pc2c
- github.com/jupyter-server/jupyter_server/commit/85e4abccf6ea9321d29153f73b0bd72ccb3a6bca
- github.com/jupyter-server/jupyter_server/security/advisories/GHSA-9f66-54xg-pc2c
- nvd.nist.gov/vuln/detail/CVE-2020-26275
- pypi.org/project/jupyter-server/
Detect and mitigate CVE-2020-26275 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →