Zhuonan Li

**Name of the Vulnerable Software and Affected Versions** Jupyter Server versions prior to 1.0.6 **Description** The issue is an Open redirect vulnerability, where a maliciously crafted link to a Jupyter server could redirect the browser to a different website. All Jupyter servers are technically affected, but these maliciously crafted links can only be reasonably made for known Jupyter server hosts. A link to a Jupyter server may appear safe but ultimately redirect to a spoofed server on the public internet. **Recommendations** For versions prior to 1.0.6, upgrade to Jupyter Server version 1.0.6 to resolve the issue. As a temporary workaround, consider avoiding the use of links to Jupyter servers from unknown or untrusted sources until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Jupyter Notebook versions prior to 6.1.5 **Description** The issue is an open redirect vulnerability, where a maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to a notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. **Recommendations** For versions prior to 6.1.5, update to version 6.1.5 to resolve the issue. As a temporary workaround, consider restricting access to known notebook server hosts to minimize the risk of exploitation. Avoid using links that may appear safe but could ultimately redirect to a spoofed server on the public internet.