CVE-2023-24816 — Improper Input Validation in Ipython

CWE-20 — Improper Input Validation CWE-78 — OS Command Injection7 documents5 sources

Severity

7.0HIGHNVD

CNA4.5GHSA10.0

EPSS

0.5%

top 32.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ipython

Timeline

PublishedFeb 10

Latest updateJun 12

Description

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` pre…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5ipython/ipython< 8.10

▶NVDipython/ipython< 8.10.0

▶PyPIipython/ipython< 8.10.0+1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language↗2023-06-12

▶

OSV

IPython vulnerable to command injection via set_term_title↗2023-02-10

▶

GHSA

IPython vulnerable to command injection via set_term_title↗2023-02-10

▶

CVEList

set_term_title command injection in ipython↗2023-02-10

▶

OSV

CVE-2023-24816: IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python progr↗2023-02-10

▶

📋Vendor Advisories

Debian

CVE-2023-24816: ipython - IPython (Interactive Python) is a command shell for interactive computing in mul...↗2023

▶