An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before
5.7.6 allows inclusion of resources on malicious pages when visited by
users who are authenticated with a Jupyter server. Access to the content of
resources has been demonstrated with Internet Explorer through capturing of
error messages, though not reproduced with other browsers. This occurs
because Internet Explorer's error messages can include the content of any
invalid JavaScript that was encountered.
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 18.10 (Cosmic Cuttlefish):ignored (reached end-of-life)
Ubuntu 19.04 (Disco Dingo):needs-triage
Ubuntu 19.10 (Eoan):needs-triage
More Information

Updated: 2019-07-18 17:44:12 UTC (commit 649f8c6455205380e35ed054e9ea734222c716bb)