PT-2020-16397 · Jupyter · Jupyter Server

Yaniv Nizry · Published 2020-12-21 · Updated 2022-08-06 · CVE-2020-26275

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Jupyter Server versions prior to 1.1.1
Description: The issue is an open redirect vulnerability that could cause the Jupyter server to redirect the browser to a different, malicious website. All Jupyter servers running without a base URL prefix are technically affected. However, these maliciously crafted links can only be reasonably made for known Jupyter server hosts. A link to a Jupyter server may appear safe but ultimately redirect to a spoofed server on the public internet.
Recommendations: For versions prior to 1.1.1, upgrade to version 1.1.1 to resolve the issue. As a temporary workaround, consider running the server on a URL prefix with the command jupyter server --ServerApp.base_url=/jupyter/.
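The advisory names the weakness as an open redirect but does not describe the redirect mechanism. The following is an added example, not Jupyter Server's own code or its 1.1.1 fix: a generic redirect-target validator in Python of the kind a web server should apply before emitting a Location header. It refuses absolute URLs, protocol-relative targets ("//host"), and backslash variants, and falls back to a configured base URL, mirroring the advisory's ServerApp.base_url workaround. The function names, the constructed sample targets and the attacker.example host are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample redirect targets (not taken from the advisory): the first
# two are legitimate in-server paths, the rest are the shapes an open-redirect
# check must refuse.
SAMPLE_TARGETS = [
    "/tree",
    "/jupyter/lab",
    "//attacker.example/phish",   # protocol-relative: browser goes off-origin
    "https://attacker.example/",  # absolute URL
    "/\\attacker.example",        # some browsers normalise '\' to '/'
    "tree",                       # relative path: resolved against current URL
    "",
]


def is_local_redirect(target: str) -> bool:
    """True only when `target` is an absolute path on this server.

    Refuses absolute URLs (scheme or host present), protocol-relative
    targets such as '//host', which browsers resolve against a different
    origin, and backslash variants that some browsers normalise to '/'.
    """
    if not target or "\\" in target:
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False
    return target.startswith("/") and not target.startswith("//")


def safe_location(target: str, base_url: str = "/") -> str:
    """Location header value to send: the target if it is local, else base_url.

    base_url is an assumed parameter standing in for a server mounted under a
    prefix such as '/jupyter/'; an unsafe target falls back to that prefix.
    """
    return target if is_local_redirect(target) else base_url


def filter_targets(targets):
    """Split a list of targets into (allowed, refused) for a quick audit."""
    allowed = [t for t in targets if is_local_redirect(t)]
    refused = [t for t in targets if not is_local_redirect(t)]
    return allowed, refused


if __name__ == "__main__":
    ok, bad = filter_targets(SAMPLE_TARGETS)
    print("allowed:", ok)
    print("refused:", bad)
    print("Location for '//attacker.example/phish' ->",
          safe_location("//attacker.example/phish", base_url="/jupyter/"))
```

The check is deliberately strict: a redirect target must be an absolute path on this origin, so anything a browser could interpret as another host is sent back to the server's own base URL instead.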

Weakness Enumeration

Open Redirect

Related Identifiers

CVE-2020-26275
GHSA-9F66-54XG-PC2C
PYSEC-2020-346
PYSEC-2020-50

Affected Products

Jupyter Server