Command Injection

2023-02-1408:39:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

command injection

ipython

windows

input sanitization

ctypes

0.001 Low

EPSS

Percentile

29.8%

JSON

ipython is vulnerable to Command Injection. The vulnerability exists due to improper input sanitization in the _set_term_title function of terminal.py, which allows an attacker to inject maliciously crafted commands if the host is running Windows and ctypes is not available.

CPENameOperatorVersion
ipythonle8.9.0
ipythonle8.9.0

CPE	Name	Operator	Version
	ipython	le	8.9.0
	ipython	le	8.9.0

References

github.com/advisories/GHSA-29gw-9793-fvw7

github.com/Carreau/ipython/blob/7557ade0ed927475d5ab5b573d0ea4febfb22683/docs/source/whatsnew/version8.rst#ipython-810

github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.py#L103-L117

github.com/ipython/ipython/blob/56e6925dfa50e2c7f4a6471547b8176275db7c25/IPython/utils/_process_win32.py#L20

github.com/ipython/ipython/commit/385d69325319a5972ee9b5983638e3617f21cb1f

github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7

0.001 Low

EPSS

Percentile

29.8%

JSON

Related for VERACODE:39257