CVE-2015-5607 — Cross-Site Request Forgery in Ipython

CWE-352 — Cross-Site Request Forgery9 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 50.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ipython Fedoraproject Fedora

Timeline

PublishedSep 20

Latest updateMar 15

Description

Cross-site request forgery in the REST API in IPython 2 and 3.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶PyPIipython/ipython0.12 — 2.4.1+1

▶Debianipython/ipython< 2.4.1-1+3

▶Ubuntuipython/ipython< 1.2.1-2ubuntu0.1~esm1+2

▶NVDipython/ipython13 versions+12

Also affects: Fedora 21, 22

Patches

Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

ipython vulnerabilities↗2023-03-15

▶

OSV

IPython vulnerable to cross site request forgery (CSRF)↗2022-05-17

▶

GHSA

IPython vulnerable to cross site request forgery (CSRF)↗2022-05-17

▶

CVEList

CVE-2015-5607: Cross-site request forgery in the REST API in IPython 2 and 3↗2017-09-20

▶

OSV

CVE-2015-5607: Cross-site request forgery in the REST API in IPython 2 and 3↗2017-09-20

▶

📋Vendor Advisories

Ubuntu

IPython vulnerabilities↗2023-03-15

▶

Debian

CVE-2015-5607: ipython - Cross-site request forgery in the REST API in IPython 2 and 3.↗2015

▶

💬Community

Bugzilla

CVE-2015-5607 iptyhon: cross-site request forgery in get_origin()↗2015-07-16

▶