An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-12T06:00:00
Updated: 2024-08-04T21:54:45.055Z
Reserved: 2019-03-09T00:00:00
Link: CVE-2019-9644
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-03-12T09:29:00.297
Modified: 2024-11-21T04:52:02.443
Link: CVE-2019-9644
Redhat
No data.