An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2019-0095 | An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered. |
![]() |
GHSA-hhx8-cr55-qcxx | Improper Neutralization of Input During Web Page Generation in Jupyter Notebook |
![]() |
USN-5585-1 | Jupyter Notebook vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T21:54:45.055Z
Reserved: 2019-03-09T00:00:00
Link: CVE-2019-9644

No data.

Status : Modified
Published: 2019-03-12T09:29:00.297
Modified: 2024-11-21T04:52:02.443
Link: CVE-2019-9644

No data.

No data.