PT-2020-16361 · Project Jupyter · Jupyter Server

Zhuonan Li · Published 2020-11-24 · Updated 2020-12-02 · CVE-2020-26232

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Jupyter Server versions prior to 1.0.6
Description: The issue is an open redirect vulnerability: a maliciously crafted link to a Jupyter server could redirect the browser to a different website. All Jupyter servers are technically affected, but these maliciously crafted links can only be reasonably made for known Jupyter server hosts. A link to a Jupyter server may appear safe but ultimately redirect to a spoofed server on the public internet.
Recommendations: For versions prior to 1.0.6, upgrade to Jupyter Server version 1.0.6 to resolve the issue. As a temporary workaround, consider avoiding the use of links to Jupyter servers from unknown or untrusted sources until the upgrade is applied.
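The weakness class described above, open redirect, arises whenever a server takes a redirect destination from the request and sends the browser there without confirming the destination stays on the same host. The following is an added example, not Jupyter Server's code and not the 1.0.6 fix; it assumes the destination arrives as a query parameter (the advisory names no parameter) and shows a validator that only accepts in-app paths, rejecting absolute and scheme-relative URLs, including the backslash form browsers treat as "//". The sample inputs are constructed for illustration.

```python
"""Added example (not Jupyter Server's own code): validating a post-login
redirect destination so it can only point back into the same server.

Assumption: the destination is read from a query parameter such as ``next``;
the advisory itself does not name the parameter.  Sample inputs below are
constructed for illustration.
"""
from urllib.parse import urlsplit, urlunsplit


def safe_redirect_target(next_url: str, default: str = "/") -> str:
    """Return ``next_url`` if it is a path on this server, else ``default``.

    Accepted: a non-empty value starting with exactly one '/'.
    Rejected: anything starting with '//' or '/\\' (scheme-relative, which
    browsers resolve to another host), anything with a scheme or host after
    parsing, and anything containing control characters or whitespace.
    """
    if not next_url:
        return default
    # Control characters and whitespace never belong in an in-app path and
    # are often used to confuse URL parsers; reject them outright.
    if any(ord(c) < 0x20 or c.isspace() for c in next_url):
        return default
    # Browsers treat '\' like '/' (WHATWG URL parsing), so normalise before
    # checking for a scheme-relative prefix.
    normalised = next_url.replace("\\", "/")
    if not normalised.startswith("/") or normalised.startswith("//"):
        return default
    parts = urlsplit(normalised)
    # A plain path has neither scheme nor netloc; anything else is off-host.
    if parts.scheme or parts.netloc:
        return default
    # Rebuild from path, query and fragment only.
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


# Constructed sample destinations (not taken from the advisory).
SAMPLE_TARGETS = [
    "/tree",                       # plain in-app path: allowed
    "/lab?path=notebooks",         # in-app path with query: allowed
    "//attacker.example/phish",    # scheme-relative: resolves off-host
    "/\\attacker.example/phish",   # backslash variant browsers read as '//'
    "https://attacker.example/",   # absolute URL: off-host
    "",                            # empty: fall back to the default
]


def classify_targets(targets=SAMPLE_TARGETS):
    """Map each candidate destination to where the server would redirect."""
    return {t: safe_redirect_target(t) for t in targets}


if __name__ == "__main__":
    for target, result in classify_targets().items():
        verdict = "ALLOW" if result == target else "REJECT -> /"
        print(f"{target!r:32} {verdict}")
```

The validator falls back to a fixed in-app default rather than raising, so a crafted link degrades to a normal landing page instead of an error that might itself leak which inputs are filtered.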

Weakness Enumeration

Open Redirect

Related Identifiers

CVE-2020-26232
GHSA-GRFJ-WJV9-4F9V
OPENSUSE-SU-2024:11233-1
OPENSUSE-SU-2024:14143-1
PYSEC-2020-234

Affected Products

Jupyter Server