{"id":"CVE-2019-10856","details":"In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255.","aliases":["GHSA-rcx2-m7jp-p9wj","PYSEC-2019-158"],"modified":"2026-04-16T04:44:44.636859297Z","published":"2019-04-04T16:29:03.290Z","references":[{"type":"FIX","url":"https://github.com/jupyter/notebook/compare/16cf97c...b8e30ea"},{"type":"EVIDENCE","url":"https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jupyter/notebook","events":[{"introduced":"0"},{"fixed":"b8e30ea84bd614a193f5233cc875440e4580d12a"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.7.8"}]}}],"versions":["4.0.0","4.0.1","4.1.0","5.0.0","5.0.0-rc.1","5.0.0b1","5.0.0b2","5.0.0rc2","5.1.0","5.1.0rc1","5.1.0rc3","5.2.0","5.2.0rc1","5.3.0","5.3.0rc1","5.3.1","5.4.0","5.5.0","5.5.0rc1","5.6.0","5.6.0rc1","5.7.0","5.7.1","5.7.2","5.7.3","5.7.4","5.7.5","5.7.6","5.7.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10856.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}