Vulnerabilities > Jupyter > Jupyterhub > Medium

Date: 2021-01-13
CVE: CVE-2020-36191
Vulnerability title: Cross-Site Request Forgery (CSRF) vulnerability in Jupyter Jupyterhub 1.1.0
Description: JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).
Attack vector: network
Attack complexity: low
Vendor: jupyter
CWE: CWE-352
Risk: 4.5

Date: 2019-03-28
CVE: CVE-2019-10255
Vulnerability title: Open Redirect vulnerability in Jupyter Jupyterhub and Notebook
Description: An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login.
Attack vector: network
Attack complexity: low
Vendor: jupyter
CWE: CWE-601
Risk: 6.1