6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
79.5%
In IPython before 1.2, the origin of websocket requests was not verified within the IPython notebook server. If an attacker has knowledge of an IPython kernel id they can run arbitrary code on a user’s machine when the client visits a crafted malicious page (CVE-2014-3429).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | ipython | < 0.13.2-1.1 | ipython-0.13.2-1.1.mga3 |
Mageia | 4 | noarch | ipython | < 1.1.0-3.1 | ipython-1.1.0-3.1.mga4 |