Safety vulnerability ID: 40385
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Latest version: 7.5.0
Jupyter Notebook - A web-based notebook environment for interactive computing
- Launch the browser with a local file which redirects to the server
address including the authentication token ([4260](https://github.com/jupyter/notebook/pull/4260)). This prevents another logged-in user from stealing
the token from command line arguments and authenticating to the
server. The single-use token previously used to mitigate this has
been removed. Thanks to Dr. Owain Kenway for suggesting the local
file approach.
- Upgrade bootstrap to 3.4, fixing an XSS vulnerability, which has
been assigned
[CVE-2018-14041](https://nvd.nist.gov/vuln/detail/CVE-2018-14041) ([4271](https://github.com/jupyter/notebook/pull/4271)).
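The local-file launch described in the first item, as an added example that is not the notebook project's own code. It contrasts the browser command line when the token URL is passed directly with the command line when an owner-only redirect file is used. The function names, file name prefix, browser name, server URL and token value are assumptions made for illustration.

```python
import html
import os
import stat
import tempfile
from pathlib import Path
from urllib.parse import urlencode


def token_url(server_url, token):
    """Server address with the authentication token as a query parameter."""
    return f"{server_url}?{urlencode({'token': token})}"


def argv_direct(browser, server_url, token):
    """Weak launch: the token sits in argv, readable by other local users."""
    return [browser, token_url(server_url, token)]


def write_redirect_file(directory, server_url, token):
    """Write an HTML file that redirects to the token URL; return its path."""
    target = html.escape(token_url(server_url, token), quote=True)
    page = (
        "<!DOCTYPE html>\n<html><head>\n"
        f'<meta http-equiv="refresh" content="0;url={target}">\n'
        "<title>Opening notebook server</title>\n</head><body>\n"
        f'<p><a href="{target}">Continue to the notebook server</a></p>\n'
        "</body></html>\n"
    )
    # mkstemp creates the file with mode 0600, so only the owner can read it.
    fd, path = tempfile.mkstemp(prefix="nbserver-open-", suffix=".html",
                                dir=directory)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(page)
    return path


def argv_via_file(browser, redirect_path):
    """Hardened launch: argv carries only a file:// URL, never the token."""
    return [browser, Path(redirect_path).resolve().as_uri()]


def group_other_bits(path):
    """Permission bits granted to group and others (0 means owner-only)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077


if __name__ == "__main__":
    token = "constructed-token-0123456789abcdef"  # constructed sample value
    with tempfile.TemporaryDirectory() as runtime_dir:
        path = write_redirect_file(runtime_dir, "http://localhost:8888/tree", token)
        print("direct argv:  ", argv_direct("firefox", "http://localhost:8888/tree", token))
        print("via-file argv:", argv_via_file("firefox", path))
        print("group/other permission bits:", oct(group_other_bits(path)))
```

The owner-only mode check applies to POSIX systems; the redirect file should also live in a directory that other users cannot write to.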