CVE-2019-9644

Priority
Description
An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before
5.7.6 allows inclusion of resources on malicious pages when visited by
users who are authenticated with a Jupyter server. Access to the content of
resources has been demonstrated with Internet Explorer through capturing of
error messages, though not reproduced with other browsers. This occurs
because Internet Explorer's error messages can include the content of any
invalid JavaScript that was encountered.
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):not-affected (5.7.8-1)
Ubuntu 20.10 (Groovy Gorilla):not-affected (5.7.8-1)
More Information

Updated: 2020-10-24 07:00:38 UTC (commit 69e225d81a6ee3e2e014950178db797c5d4e5009)