An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered.
Advisories
Source ID Title
EUVD EUVD EUVD-2019-0095 An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered.
Github GHSA Github GHSA GHSA-hhx8-cr55-qcxx Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
Ubuntu USN Ubuntu USN USN-5585-1 Jupyter Notebook vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T21:54:45.055Z

Reserved: 2019-03-09T00:00:00

Link: CVE-2019-9644

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-03-12T09:29:00.297

Modified: 2024-11-21T04:52:02.443

Link: CVE-2019-9644

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.