An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-12T06:00:00
Updated: 2019-04-12T02:06:00
Reserved: 2019-03-09T00:00:00
Link: CVE-2019-9644
JSON object: View
NVD Information
Status : Modified
Published: 2019-03-12T09:29:00.297
Modified: 2023-11-07T03:13:44.760
Link: CVE-2019-9644
JSON object: View
Redhat Information
No data.
CWE