FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-02-20 09:44:03 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
fe7e322f-522d-11e9-98b5-216e512dad89	Jupyter notebook -- open redirect vulnerability Jupyter blog: Login pages tend to take a parameter for redirecting back to a page after successful login, e.g. /login?next=/notebooks/mynotebook.ipynb, so that you aren't disrupted too much if you try to visit a page, but have to authenticate first. An Open Redirect Vulnerability is when a malicious person crafts a link pointing to the login page of a trusted site, but setting the "redirect after successful login" parameter to send the user to their own site, instead of a page on the authenticated site (the notebook or JupyterHub server), e.g. /login?next=http://badwebsite.biz. This doesn't necessarily compromise anything immediately, but it enables phishing if users don't notice that the domain has changed, e.g. by showing a fake "re-enter your password" page. Servers generally have to validate the redirect URL to avoid this. Both JupyterHub and Notebook already do this, but the validation didn't take into account all possible ways to redirect to other sites, so some malicious URLs could still be crafted to redirect away from the server (the above example does not work in any recent version of either package). Only certain browsers (Chrome and Firefox, not Safari) could be redirected from the JupyterHub login page, but all browsers could be redirected away from a standalone notebook server. Discovery 2019-03-28 Entry 2019-03-29 Modified 2019-04-06 py27-notebook py35-notebook py36-notebook py37-notebook < 5.7.8 https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4 https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst CVE-2019-10255
cf39ddf8-21be-11eb-8b47-641c67a117d8	jupyter notebook -- open redirect vulnerability Jupyter reports: 6.1.5 is a security release, fixing one vulnerability: Fix open redirect vulnerability GHSA-c7vm-f5p4-8fqh (CVE to be assigned) Discovery 2020-10-15 Entry 2020-11-08 py37-notebook py38-notebook py39-notebook < 6.1.5 https://jupyter-notebook.readthedocs.io/en/stable/changelog.html#release-6-1-5 https://github.com/jupyter/notebook/blob/6.1.5/docs/source/changelog.rst

VuXML ID

Description

fe7e322f-522d-11e9-98b5-216e512dad89

Jupyter notebook -- open redirect vulnerability

Jupyter blog:

Login pages tend to take a parameter for redirecting back to a page after successful login, e.g. /login?next=/notebooks/mynotebook.ipynb, so that you aren't disrupted too much if you try to visit a page, but have to authenticate first. An Open Redirect Vulnerability is when a malicious person crafts a link pointing to the login page of a trusted site, but setting the "redirect after successful login" parameter to send the user to their own site, instead of a page on the authenticated site (the notebook or JupyterHub server), e.g. /login?next=http://badwebsite.biz. This doesn't necessarily compromise anything immediately, but it enables phishing if users don't notice that the domain has changed, e.g. by showing a fake "re-enter your password" page. Servers generally have to validate the redirect URL to avoid this. Both JupyterHub and Notebook already do this, but the validation didn't take into account all possible ways to redirect to other sites, so some malicious URLs could still be crafted to redirect away from the server (the above example does not work in any recent version of either package). Only certain browsers (Chrome and Firefox, not Safari) could be redirected from the JupyterHub login page, but all browsers could be redirected away from a standalone notebook server.

Discovery 2019-03-28
Entry 2019-03-29
Modified 2019-04-06
py27-notebook
py35-notebook
py36-notebook
py37-notebook

< 5.7.8

https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst
CVE-2019-10255

cf39ddf8-21be-11eb-8b47-641c67a117d8

jupyter notebook -- open redirect vulnerability

Jupyter reports:

6.1.5 is a security release, fixing one vulnerability: Fix open redirect vulnerability GHSA-c7vm-f5p4-8fqh (CVE to be assigned)

Discovery 2020-10-15
Entry 2020-11-08
py37-notebook
py38-notebook
py39-notebook

< 6.1.5

https://jupyter-notebook.readthedocs.io/en/stable/changelog.html#release-6-1-5
https://github.com/jupyter/notebook/blob/6.1.5/docs/source/changelog.rst