{"id":"CVE-2019-10255","details":"An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.","aliases":["GHSA-rv62-4pmj-xw6h"],"modified":"2026-05-18T13:11:38.494505Z","published":"2019-03-28T16:29:00.567Z","related":["openSUSE-SU-2024:11242-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO/"},{"type":"ADVISORY","url":"https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4"},{"type":"FIX","url":"https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb"},{"type":"FIX","url":"https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b"},{"type":"FIX","url":"https://github.com/jupyter/notebook/commit/d65328d4841892b412aef9015165db1eb029a8ed"},{"type":"FIX","url":"https://github.com/jupyter/notebook/compare/05aa4b2...16cf97c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jupyter/notebook","events":[{"introduced":"0"},{"fixed":"16cf97cf3cc7bd3bacf939ecd86f2c1cc6944935"},{"fixed":"08c4c898182edbe97aadef1815cce50448f975cb"},{"fixed":"70fe9f0ddb3023162ece21fbb77d5564306b913b"},{"fixed":"d65328d4841892b412aef9015165db1eb029a8ed"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"5.7.7"}],"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:jupyter:notebook:*:*:*:*:*:*:*:*"}}],"versions":["5.7.6","5.7.5","5.7.4","5.7.3","5.7.2","5.7.1","5.7.0","5.6.0","5.6.0rc1","5.5.0","5.5.0rc1","5.4.0","5.3.1","5.3.0","5.3.0rc1","5.2.0","5.2.0rc1","5.1.0","5.1.0rc3","5.1.0rc1","5.0.0","5.0.0rc2","5.0.0-rc.1","5.0.0b2","5.0.0b1","4.1.0","4.0.1","4.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10255.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/jupyterhub/jupyterhub","events":[{"introduced":"0"},{"fixed":"6a4900c46813079e5792fc5b38d1ca8ba681e318"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"0.9.5"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:jupyter:jupyterhub:*:*:*:*:*:*:*:*"}}],"versions":["0.9.4","0.9.3","0.9.2","0.9.1","0.9.0","0.9.0rc1","0.9.0b3","0.9.0b2","0.9.0b1","0.8.1","0.8.0","0.8.0rc2","0.8.0rc1","0.8.0b5","0.8.0b4","0.8.0b3","0.8.0b2","0.8.0b1","0.7.2","0.7.1","0.7.0","0.6.1","0.6.0","0.5.0","0.4.1","0.4.0","0.3.0","0.2.0","0.1.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10255.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}