Moderate severityOSV Advisory· Published Mar 12, 2019· Updated Aug 4, 2024
CVE-2019-9644
CVE-2019-9644
Description
An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
jupyter-notebookPyPI | < 5.7.6 | 5.7.6 |
notebookPyPI | < 5.7.6 | 5.7.6 |
Affected products
3- ghsa-coords2 versions
< 5.7.6+ 1 more
- (no CPE)range: < 5.7.6
- (no CPE)range: < 5.7.6
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-hhx8-cr55-qcxxghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2019-9644ghsaADVISORY
- github.com/jupyter/notebook/compare/f3f00df...05aa4b2ghsax_refsource_MISCWEB
- github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2019-159.yamlghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7DghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCUROghsaWEB
News mentions
0No linked articles in our index yet.