CVE-2015-7337 — Improper Input Validation in Ipython

CWE-20 — Improper Input Validation8 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

0.8%

top 26.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ipython Jupyter Notebook Ipython Notebook

Timeline

PublishedSep 29

Latest updateJun 30

Description

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶PyPIjupyter/notebook4.0.0 — 4.0.5

▶NVDipython/notebook3.2.1

▶NVDjupyter/notebook5 versions+4

▶PyPIipython/ipython< 3.2.2+1

🔴Vulnerability Details

OSV

Improper Input Validation in Jupyter Notebook↗2022-05-17

▶

GHSA

Improper Input Validation in Jupyter Notebook↗2022-05-17

▶

OSV

CVE-2015-7337: The editor in IPython Notebook before 3↗2015-09-29

▶

CVEList

CVE-2015-7337: The editor in IPython Notebook before 3↗2015-09-29

▶

📋Vendor Advisories

Debian

CVE-2015-7337: ipython - The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4....↗2015

▶

📄Research Papers

arXiv

Threat Assessment in Machine Learning based Systems↗2022-06-30

▶

💬Community

Bugzilla

CVE-2015-7337 ipython: Maliciously crafted files can be executed due to wrong file type determination↗2015-09-17

▶