Lucene search

[email protected]CVE-2015-7337

HistorySep 29, 2015 - 7:59 p.m.

CVE-2015-7337

2015-09-2919:59:07

CWE-20

[email protected]

web.nvd.nist.gov

cve

ipython

jupyter

notebook

javascript

security

vulnerability

remote attack

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

87.1%

JSON

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.

Affected configurations

NVD

Node

ipythonnotebookRange≤3.2.1

Node

jupyternotebookMatch4.0.0

jupyternotebookMatch4.0.1

jupyternotebookMatch4.0.2

jupyternotebookMatch4.0.3

jupyternotebookMatch4.0.4

CPENameOperatorVersion
ipython:notebookipython notebookle3.2.1

CPE	Name	Operator	Version
ipython:notebook	ipython notebook	le	3.2.1

References

lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html

seclists.org/oss-sec/2015/q3/558

seclists.org/oss-sec/2015/q3/634

bugzilla.redhat.com/show_bug.cgi?id=1264067

github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967

github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5

security.gentoo.org/glsa/201512-02

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

87.1%

JSON

Related for CVE-2015-7337

nessus3 cvelist1 nvd1 debiancve1 ubuntucve1 osv3 github1 gentoo1 openvas1 prion1 freebsd1 fedora1