CVE-2025-61669 in jupyter_serverالمعلومات

الملخص

بحسب MITRE • 05/05/2026

Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values such as `///example.com`. An attacker can use a crafted login URL to redirect users to a malicious site and facilitate phishing attacks. This issue is fixed in version 2.18.0.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

29/09/2025

إفشاء

05/05/2026

الاعتدال

تمت الموافقة

إدخال

VDB-361195

CPE

جاهز

CWE

CWE-601 (مؤكد)

CVSS

4.3 (VulDB)

EPSS

0.00010

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-61669
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-61669
CVE Details	https://www.cvedetails.com/cve/CVE-2025-61669/

التالي ▸نظرة عامة ◂ السابق

Do you need the next level of professionalism?

Upgrade your account now!