Open mend-bolt-for-github[bot] opened 4 years ago
Jupyter Notebook - A web-based notebook environment for interactive computing
Library home page: https://files.pythonhosted.org/packages/d0/ca/a5a5ac9c839868ceddaa2672c399492ac1dbd4c4ce68f833a72a619fc225/notebook-5.4.0-py2.py3-none-any.whl
Path to dependency file: /tmp/ws-scm/Container-Security-With-JenkinsCI/requirements.txt
Path to vulnerable library: /Container-Security-With-JenkinsCI/requirements.txt
Dependency Hierarchy: - :x: **notebook-5.4.0-py2.py3-none-any.whl** (Vulnerable Library)
Found in HEAD commit: 42e25a9058c32f27c8cf53e7721d0dadc0b983d6
Found in base branch: master
In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255.
Publish Date: 2019-04-04
URL: CVE-2019-10856
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10856
Release Date: 2019-04-04
Fix Resolution: 5.7.8
Step up your Open Source Security Game with Mend here
CVE-2019-10856 - Medium Severity Vulnerability
Jupyter Notebook - A web-based notebook environment for interactive computing
Library home page: https://files.pythonhosted.org/packages/d0/ca/a5a5ac9c839868ceddaa2672c399492ac1dbd4c4ce68f833a72a619fc225/notebook-5.4.0-py2.py3-none-any.whl
Path to dependency file: /tmp/ws-scm/Container-Security-With-JenkinsCI/requirements.txt
Path to vulnerable library: /Container-Security-With-JenkinsCI/requirements.txt
Dependency Hierarchy: - :x: **notebook-5.4.0-py2.py3-none-any.whl** (Vulnerable Library)
Found in HEAD commit: 42e25a9058c32f27c8cf53e7721d0dadc0b983d6
Found in base branch: master
In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255.
Publish Date: 2019-04-04
URL: CVE-2019-10856
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10856
Release Date: 2019-04-04
Fix Resolution: 5.7.8
Step up your Open Source Security Game with Mend here