Jupyter

All CVEs

62 total · sorted by risk
  • CVE-2021-32797 · Aug 9, 2021
    risk 0.00 · cvss · epss 0.03

    JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions, an untrusted notebook can execute code on load. In particular, JupyterLab doesn’t sanitize the action attribute of HTML `<form>`. Using this it is…

  • CVE-2020-26275 · Dec 21, 2020
    risk 0.00 · cvss · epss 0.01

    The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the jupyter server to redirect…

  • CVE-2020-26261 · Dec 9, 2020
    risk 0.00 · cvss · epss 0.00

    jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly…

  • CVE-2020-26250 · Dec 1, 2020
    risk 0.00 · cvss · epss 0.01

    OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning,…

  • CVE-2020-26232 · Nov 24, 2020
    risk 0.00 · cvss · epss 0.01

    Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably…

  • CVE-2020-26215 · Nov 18, 2020
    risk 0.00 · cvss · epss 0.01

    Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be…

  • CVE-2020-15110 · Jul 17, 2020
    risk 0.00 · cvss · epss 0.01

    In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12.

  • CVE-2019-10856 · Apr 4, 2019
    risk 0.00 · cvss · epss 0.01

    In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255.

  • CVE-2019-10255 · Mar 28, 2019
    risk 0.00 · cvss · epss 0.02

    An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url…

  • CVE-2019-9644 · Mar 12, 2019
    risk 0.00 · cvss · epss 0.02

    An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer…

  • CVE-2015-7337 · Sep 29, 2015
    risk 0.00 · cvss · epss 0.02

    The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.

  • CVE-2015-6938 · Sep 21, 2015
    risk 0.00 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported…

Page 2 of 2