vulnerability

FreeBSD: VID-72a6e3be-483a-11e9-92d7-f1590402501e: Jupyter notebook -- cross-site inclusion (XSSI) vulnerability

Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:N)
Published: Mar 16, 2019
Added: Mar 17, 2019
Modified: Dec 10, 2025

Description

Jupyter notebook Changelog: 5.7.6 contains a security fix for a cross-site inclusion (XSSI) vulnerability, where files at a known URL could be included in a page from an unauthorized website if the user is logged into a Jupyter server. The fix involves setting the X-Content-Type-Options: nosniff header, and extending the CSRF checks, previously applied to all non-GET API requests, to GET requests to API endpoints and the /files/ endpoint. The attacking page is able to access some contents of files when using Internet Explorer through script errors, but this has not been demonstrated with other browsers. A CVE has been requested for this vulnerability.
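The sketch below is an added example, not Jupyter's handler code: it models the two changes the changelog describes (nosniff on responses, and the cross-site check extended to GET requests on API and /files/ paths) next to the earlier behaviour. The function names, the Origin/Referer-versus-Host comparison and the sample requests are assumptions constructed for illustration.

```python
# Illustrative model only; not taken from the notebook code base.
from urllib.parse import urlparse


def is_cross_site(headers):
    """True when Origin/Referer is present and names a host other than Host."""
    host = headers.get("Host", "").lower()
    for name in ("Origin", "Referer"):
        value = headers.get(name)
        if value:
            # An opaque value such as "null" parses to an empty host and is
            # therefore treated as cross-site.
            return urlparse(value).netloc.lower() != host
    # Assumption: no Origin/Referer means a direct or non-browser request,
    # which is left to normal authentication rather than this check.
    return False


def handle(method, path, headers, patched=True):
    """Return (status, response_headers) for the modelled server."""
    # Patched behaviour: every response tells the browser not to sniff types.
    resp = {"X-Content-Type-Options": "nosniff"} if patched else {}
    if patched:
        # The check now covers all methods on API and /files/ paths.
        checked = path.startswith(("/api/", "/files/"))
    else:
        # Earlier behaviour per the changelog: only non-GET API requests.
        checked = path.startswith("/api/") and method != "GET"
    if checked and is_cross_site(headers):
        return 403, resp
    return 200, resp


# Constructed sample requests (hosts are placeholders).
CROSS = {"Host": "localhost:8888", "Referer": "https://other.example/page.html"}
SAME = {"Host": "localhost:8888", "Referer": "http://localhost:8888/tree"}

if __name__ == "__main__":
    for label, patched in (("before fix", False), ("after fix", True)):
        status, hdrs = handle("GET", "/files/data.json", CROSS, patched)
        print(label, "cross-site GET /files/ ->", status, hdrs)
    print("same-site GET /files/ ->", handle("GET", "/files/data.json", SAME)[0])
```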

Solutions

freebsd-upgrade-package-py27-notebook
freebsd-upgrade-package-py35-notebook
freebsd-upgrade-package-py36-notebook
freebsd-upgrade-package-py37-notebook
