CVE-2020-26215: Open redirect in Jupyter Notebook
(updated )
What kind of vulnerability is it? Who is impacted?
Open redirect vulnerability - a maliciously crafted link to a notebook server could redirect the browser to a different website.
All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet.
References
- github.com/advisories/GHSA-c7vm-f5p4-8fqh
- github.com/jupyter/notebook
- github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74
- github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh
- github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2020-215.yaml
- lists.debian.org/debian-lts-announce/2020/12/msg00004.html
- nvd.nist.gov/vuln/detail/CVE-2020-26215
Code Behaviors & Features
Detect and mitigate CVE-2020-26215 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →