漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
jupyter_server next parameter open redirect can redirect users to external domains
Vulnerability Description
Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values such as `///example.com`. An attacker can use a crafted login URL to redirect users to a malicious site and facilitate phishing attacks. This issue is fixed in version 2.18.0.
CVSS Information
N/A
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
Jupyter Server 输入验证错误漏洞
Vulnerability Description
Jupyter Server是Jupyter组织的一款用于为Jupyter Web应用提供后端服务的应用软件。 Jupyter Server 2.17.0及之前版本存在输入验证错误漏洞,该漏洞源于登录流程中next查询参数验证不足,可能导致重定向到任意外部域,攻击者可通过特制登录URL将用户重定向到恶意站点并促进钓鱼攻击。
CVSS Information
N/A
Vulnerability Type
N/A