{"id":"CVE-2020-26232","details":"Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet.","aliases":["GHSA-grfj-wjv9-4f9v","PYSEC-2020-234"],"modified":"2026-05-19T04:01:20.375864123Z","published":"2020-11-24T21:15:11.557Z","related":["openSUSE-SU-2024:11233-1","openSUSE-SU-2024:14143-1"],"database_specific":{},"references":[{"type":"ADVISORY","url":"https://github.com/jupyter-server/jupyter_server/blob/master/CHANGELOG.md#106---2020-11-18"},{"type":"ADVISORY","url":"https://github.com/jupyter/jupyter_server/security/advisories/GHSA-grfj-wjv9-4f9v"},{"type":"FIX","url":"https://github.com/jupyter-server/jupyter_server/commit/3d83e49090289c431da253e2bdb8dc479cbcb157"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jupyter-server/jupyter_server","events":[{"introduced":"0"},{"fixed":"e17091698fb90db938a6a3d875b48271597a6db5"},{"fixed":"3d83e49090289c431da253e2bdb8dc479cbcb157"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.0.6"}],"cpe":"cpe:2.3:a:jupyter:jupyter_server:*:*:*:*:*:*:*:*","source":["CPE_FIELD","REFERENCES"]}}],"versions":["1.0.5","1.0.4","1.0.3","1.0.2","1.0.1","1.0.0","1.0.0rc16","1.0.0rc15","1.0.0rc14","1.0.0rc13","1.0.0rc12","1.0.0rc11","1.0.0rc10","1.0.0rc9","1.0.0rc8","1.0.0rc7","1.0.0rc6","1.0.0rc5","1.0.0rc4","1.0.0rc3","1.0.0rc2","1.0.0rc1","0.3.0","0.2.0","0.1.1","0.1.0","0.0.5","0.0.4","0.0.3","0.0.2","0.0.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26232.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}