CVE-2020-26232: Open redirect in Jupyter Server
CVSS Score: 4.1 (CVSS v3.1)
Basic Information
CVE ID: CVE-2020-26232
GHSA ID:
EPSS Score: 0.46085%
CWE: CWE-601
Published: 11/24/2020
Updated: 9/23/2024
KEV Status: No
Technology: Python
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
jupyter-server | pip | < 1.0.6 | 1.0.6 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The commit diff shows critical changes to the TrailingSlashHandler's get method in handlers.py. The vulnerability stemmed from how URI paths were processed:
- Original code used request.path.rstrip('/'), which removed only trailing slashes and could leave leading slashes in place
- This allowed paths like '//example.com' to be normalized to '/example.com'
- The redirect logic didn't properly validate the resulting path, enabling external domain redirects
- The patch added proper path sanitization (trimming both leading/trailing slashes) to prevent this vector
- The CVE description explicitly mentions this was an open redirect in URI handling
- The vulnerability type (CWE-601) matches the pattern of improper redirect validation
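To make the normalization difference concrete, here is an added Python illustration that is not the jupyter-server code itself: a trailing-only strip (the pre-1.0.6 behaviour described above) beside a both-ends strip of the kind the patch introduced, plus a same-site check a handler can apply before issuing a redirect. The sample paths are constructed for the demonstration, and the patched function's exact shape is an assumption modelled on the analysis, not the project's code verbatim.

```python
from urllib.parse import urlsplit

# Constructed sample request paths: ordinary Jupyter paths with a trailing
# slash, plus paths whose leading run of slashes a browser would read as a
# scheme-relative URL (//host/...) if echoed back in a Location header.
SAMPLE_PATHS = ["/tree/", "/api/contents/", "//example.com/", "///example.com/x/"]


def vulnerable_redirect_target(uri: str) -> str:
    """Pre-1.0.6 behaviour as the analysis describes it: only trailing
    slashes are removed, so a leading '//' survives into the redirect."""
    return uri.rstrip("/")


def patched_redirect_target(uri: str) -> str:
    """Normalization modelled on the described fix (an assumed shape, not the
    project's code verbatim): keep any query string, strip slashes from both
    ends of the path, then put back exactly one leading slash."""
    path, sep, query = uri.partition("?")
    return "/" + path.strip("/") + sep + query


def is_same_site_target(target: str) -> bool:
    """Defensive check a handler can run before redirecting: the target must
    be a path on this server, so no scheme, no authority and a single leading
    slash. urlsplit reports a netloc for '//host' but not for '///host', and
    browsers collapse the latter to a host too, so the '//' prefix test is
    needed as well."""
    parts = urlsplit(target)
    return (
        parts.scheme == ""
        and parts.netloc == ""
        and target.startswith("/")
        and not target.startswith("//")
    )


def audit(paths=SAMPLE_PATHS):
    """For each sample path, return (input, old target, old safe?, new target,
    new safe?) so the two normalizers can be compared side by side."""
    rows = []
    for uri in paths:
        old = vulnerable_redirect_target(uri)
        new = patched_redirect_target(uri)
        rows.append((uri, old, is_same_site_target(old), new, is_same_site_target(new)))
    return rows


if __name__ == "__main__":
    for row in audit():
        print("%-22r old=%-20r safe=%-5s new=%-18r safe=%s" % row)
```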