JupyterHub Open Redirect Vulnerability

Vulnerability

An open redirect vulnerability exists in JupyterHub versions through 5.4.3. This vulnerability allows attackers to create links that redirect users from the JupyterHub login page to an external, attacker-controlled site, bypassing JupyterHub's built-in redirect checks.

Impact

An attacker who exploits this vulnerability can send users to an external site of the attacker's choice after they log in to JupyterHub.

Remediation

Users can upgrade to JupyterHub version 5.4.4 to address this vulnerability. Additionally, deployments can apply filters on the Location header in a reverse proxy such as nginx, Apache, or Traefik.
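
The Location-header filter mentioned above comes down to a decision like the following. This is an added Python sketch, not JupyterHub or reverse-proxy code; the hostname hub.example.org, the fallback path /hub/ and the function names are assumptions, and the constructed samples are generic redirect forms, not the specific bypass behind this advisory.

```python
from urllib.parse import urlsplit

# Assumptions for this sketch: the hub's public hostname and a safe fallback.
ALLOWED_HOSTS = {"hub.example.org"}
FALLBACK = "/hub/"


def is_safe_location(location, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if a Location value keeps the user on an allowed host."""
    # Browsers normalise backslashes and strip control characters before
    # resolving a redirect, so a value containing either is not trusted.
    if not location or "\\" in location:
        return False
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in location):
        return False
    try:
        parts = urlsplit(location)
        host = parts.hostname  # excludes userinfo and port
    except ValueError:
        return False
    if parts.scheme:
        # Absolute URL: only http(s) to an explicitly allowed host.
        return parts.scheme in ("http", "https") and host in allowed_hosts
    # No scheme: accept a path on the current origin only. A leading "//"
    # is a scheme-relative URL and resolves to another host.
    return location.startswith("/") and not location.startswith("//")


def filter_location(location, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Value the proxy should forward: the original if safe, else the fallback."""
    return location if is_safe_location(location, allowed_hosts) else fallback


# Constructed sample Location values, as a proxy would see them from upstream.
SAMPLES = [
    "/hub/home",
    "https://hub.example.org/hub/home",
    "https://external.example/",
    "//external.example/",
    "https://hub.example.org@external.example/",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:50} -> {filter_location(value)!r}")
```

The same allowlist decision can be expressed in the proxy's own rule language; the point is to allow known-good forms rather than to block known-bad ones.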

Added: Apr 3, 2026, 10:25 PM
Updated: Apr 3, 2026, 10:25 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 0.2
exploitability: 6.2
remediation: 7.9
relevance: 4.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.