Open redirect in Jupyter Server
Description
Jupyter Server before version 1.0.6 has an open redirect vulnerability. A maliciously crafted link to a Jupyter server could redirect the browser to a different website. All Jupyter servers are technically affected; however, these maliciously crafted links can only reasonably be made for known Jupyter server hosts. A link to your Jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Jupyter Server before 1.0.6 contains an open redirect vulnerability that could allow an attacker to redirect users to a malicious site via a crafted link.
Vulnerability
Jupyter Server versions prior to 1.0.6 are affected by an open redirect vulnerability [1]. The root cause is improper validation of redirect URLs, allowing a crafted link to a Jupyter server to redirect the browser to an arbitrary external website [1]. This issue affects all Jupyter server deployments, but exploitation requires the attacker to know the target server's hostname [1].
Exploitation
An attacker can craft a link that appears to point to a legitimate Jupyter server but actually redirects the user to a spoofed server on the public internet [1]. No authentication is required to trigger the redirect; the victim simply needs to click the malicious link. The attack surface is limited to users who interact with known Jupyter server hosts, as the crafted link must reference a valid server [1].
Impact
Successful exploitation redirects the user to an attacker-controlled website, which can be used for phishing attacks, credential theft, or other social engineering schemes [1][4]. The redirect occurs transparently, making the spoofed site appear as a legitimate continuation of the Jupyter session.
Mitigation
The vulnerability is fixed in Jupyter Server version 1.0.6, released on 2020-11-18 [3]. Users are strongly advised to upgrade to this version or later. No workarounds are documented; upgrading is the only reliable mitigation [4].
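To make the root cause and the fix concrete, here is an added Python example (not code from the Jupyter Server project): it reconstructs the old and new path normalization of `TrailingSlashHandler` from the removed and added lines of the fix diff, resolves the resulting `Location` value against a constructed server origin the way a browser would, and checks whether the redirect stays on the server's own host. `SERVER_ORIGIN`, `legacy_redirect_location`, `patched_redirect_location` and `is_same_origin_redirect` are names chosen for this example, and the request URIs are constructed (they include the regression cases from the fix's tests).

```python
"""Illustrate the trailing-slash redirect bug fixed in jupyter_server 1.0.6.

Added example, not code from the jupyter_server project: the two
normalization functions are reconstructed from the removed and added lines
of the fix diff; SERVER_ORIGIN and the helper names are constructed here.
"""
from typing import Optional
from urllib.parse import urljoin, urlsplit

# Constructed origin of a hypothetical Jupyter server.
SERVER_ORIGIN = "https://jupyter.example.internal/"


def legacy_redirect_location(request_uri: str) -> Optional[str]:
    """Pre-1.0.6 TrailingSlashHandler behaviour (reconstructed from the diff).

    Only trailing slashes were removed, so a path beginning with '//' kept its
    leading pair of slashes. Returns None where the old `if uri:` guard would
    have suppressed the redirect.
    """
    path, _, query = request_uri.partition("?")
    uri = path.rstrip("/")
    if not uri:
        return None
    # The old code joined unconditionally, so an empty query still gained a bare '?'.
    return "?".join((uri, query))


def patched_redirect_location(request_uri: str) -> str:
    """1.0.6 behaviour: strip slashes on both ends and re-add exactly one."""
    path, *rest = request_uri.partition("?")
    path = "/" + path.strip("/")
    return "".join([path, *rest])


def is_same_origin_redirect(location: str, origin: str = SERVER_ORIGIN) -> bool:
    """Resolve a Location header as a browser would and check that it stays on
    the server's scheme and host. A value starting with '//' is a network-path
    reference (RFC 3986), so it resolves to a different host."""
    resolved = urlsplit(urljoin(origin, location))
    base = urlsplit(origin)
    return (resolved.scheme, resolved.netloc) == (base.scheme, base.netloc)


if __name__ == "__main__":
    # Constructed request URIs, including the regression cases from the fix's tests.
    for uri in ["/notebooks/mynotebook/", "////foo///", "//example.com/",
                "/has/param/?hasparam=true"]:
        old = legacy_redirect_location(uri)
        new = patched_redirect_location(uri)
        print(f"{uri!r:30} old={old!r:24} same-origin={is_same_origin_redirect(old)}"
              f"  new={new!r:28} same-origin={is_same_origin_redirect(new)}")
```

The key observation is that a `Location` header beginning with `//` is a network-path reference: the browser keeps the current scheme but takes the host from the header, so `//example.com` sends the user to `https://example.com` even though the link itself pointed at the Jupyter host. The 1.0.6 change collapses all leading slashes to one, which turns the value into a path on the same host. `is_same_origin_redirect` is the kind of check a reviewer or a regression test can apply to any redirect target, independent of how it was built.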
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| jupyter-server (PyPI) | < 1.0.6 | 1.0.6 |
Affected products
- jupyter/jupyter_server (v5 range): < 1.0.6
Patches
- 3d83e4909028: Merge pull request from GHSA-grfj-wjv9-4f9v
2 files changed · +34 −4
jupyter_server/base/handlers.py+6 −3 modified@@ -776,9 +776,12 @@ class TrailingSlashHandler(web.RequestHandler): """ def get(self): - uri = self.request.path.rstrip("/") - if uri: - self.redirect('?'.join((uri, self.request.query))) + path, *rest = self.request.uri.partition("?") + # trim trailing *and* leading / + # to avoid misinterpreting repeated '//' + path = "/" + path.strip("/") + new_uri = "".join([path, *rest]) + self.redirect(new_uri) post = put = get
tests/test_paths.py+28 −1 modified@@ -1,5 +1,6 @@ import re - +import pytest +import tornado from jupyter_server.base.handlers import path_regex @@ -29,3 +30,29 @@ def test_path_regex_bad(): '/y/x/foo', ): assert re.match(path_pat, path) is None + + +@pytest.mark.parametrize( + 'uri,expected', + [ + ("/notebooks/mynotebook/", "/notebooks/mynotebook"), + ("////foo///", "/foo"), + ("//example.com/", "/example.com"), + ("/has/param/?hasparam=true", "/has/param?hasparam=true"), + ] +) +async def test_trailing_slash(uri, expected, http_server_client, auth_header, base_url): + # http_server_client raises an exception when follow_redirects=False + with pytest.raises(tornado.httpclient.HTTPClientError) as err: + await http_server_client.fetch( + uri, + headers=auth_header, + request_timeout=20, + follow_redirects=False + ) + # Capture the response from the raised exception value. + response = err.value.response + assert response.code == 302 + assert "Location" in response.headers + assert response.headers["Location"] == expected + assert False
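Review bot: in the `jupyter_server/base/handlers.py` hunk, the `if uri:` guard has been dropped from `TrailingSlashHandler.get`, so a request whose path collapses to `/` (for example `///`) now redirects to `/` instead of falling through; that is harmless only if this handler is never routed for the root path itself, otherwise it would redirect to itself, so please confirm the route patterns or handle `path == "/"` explicitly. The actual fix is `path = "/" + path.strip("/")`: the old `rstrip("/")` left `//example.com/` as `//example.com`, which a browser treats as a protocol-relative URL to another host, and the comment "to avoid misinterpreting repeated '//'" undersells that; suggest saying so directly, e.g. `# a leading '//' would be a protocol-relative URL to another host`. Worth a changelog line too: the removed `'?'.join((uri, self.request.query))` appended a bare `?` when the query was empty, which the new `partition("?")` approach silently fixes.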
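Review bot: in the `tests/test_paths.py` hunk, `test_trailing_slash` ends with `assert False`, which makes every parametrized case fail after the real assertions have already passed; it reads like leftover debugging and should be removed before merge. The cases themselves cover the regression well: `("//example.com/", "/example.com")` is the open-redirect input, `("////foo///", "/foo")` exercises the collapsing of repeated slashes, and `("/has/param/?hasparam=true", "/has/param?hasparam=true")` checks that the query string survives the new `partition("?")` logic; the `follow_redirects=False` plus `pytest.raises(HTTPClientError)` pattern is the right way to inspect the 302 and its `Location` header with Tornado's client.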
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- [1] github.com/advisories/GHSA-grfj-wjv9-4f9v (GHSA, ADVISORY)
- [2] nvd.nist.gov/vuln/detail/CVE-2020-26232 (GHSA, ADVISORY)
- [3] github.com/jupyter-server/jupyter_server/blob/master/CHANGELOG.md (GHSA, x_refsource_MISC, WEB)
- [4] github.com/jupyter-server/jupyter_server/commit/3d83e49090289c431da253e2bdb8dc479cbcb157 (GHSA, x_refsource_MISC, WEB)
- [5] github.com/jupyter/jupyter_server/security/advisories/GHSA-grfj-wjv9-4f9v (GHSA, x_refsource_CONFIRM, WEB)
- [6] github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2020-234.yaml (GHSA, WEB)