GHSA-29gw-9793-fvw7

Suggest an improvement
Source
https://github.com/advisories/GHSA-29gw-9793-fvw7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-29gw-9793-fvw7/GHSA-29gw-9793-fvw7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-29gw-9793-fvw7
Aliases
Published
2023-02-10T19:55:53Z
Modified
2024-09-24T21:03:26.996573Z
Severity
  • 4.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
  • 2.0 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
IPython vulnerable to command injection via set_term_title
Details

IPython provides an interactive Python shell and Jupyter kernel to use Python interactively. Versions prior to 8.10.0 are vulnerable to command injection in the set_term_title function under specific conditions. This has been patched in version 8.10.0.

Impact

Users are only vulnerable when calling this function in Windows in a Python environment where ctypes is not available. The dependency on ctypes in IPython.utils._process_win32 prevents the vulnerable code from ever being reached (making it effectively dead code). However, as a library that could be used by another tool, set_term_title could introduce a vulnerability for dependencies. Currently set_term_title is only called with (semi-)trusted input that contain the current working directory of the current IPython session. If an attacker can control directory names, and manage to get a user to cd into this directory, then the attacker can execute arbitrary commands contained in the folder names.

References

Affected packages

PyPI / ipython

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.10.0

Affected versions

0.*

0.7.1.fix1
0.7.4.svn.r2010
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.6.10
0.6.11
0.6.12
0.6.13
0.6.14
0.6.15
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.9
0.9.1
0.10
0.10.1
0.10.2
0.11
0.12
0.12.1
0.13
0.13.1
0.13.2

1.*

1.0.0
1.1.0
1.2.0
1.2.1

2.*

2.0.0
2.1.0
2.2.0
2.3.0
2.3.1
2.4.0
2.4.1

3.*

3.0.0
3.1.0
3.2.0
3.2.1
3.2.2
3.2.3

4.*

4.0.0-b1
4.0.0b1
4.0.0
4.0.1
4.0.2
4.0.3
4.1.0rc1
4.1.0rc2
4.1.0
4.1.1
4.1.2
4.2.0
4.2.1

5.*

5.0.0b1
5.0.0b2
5.0.0b3
5.0.0b4
5.0.0rc1
5.0.0
5.1.0
5.2.0
5.2.1
5.2.2
5.3.0
5.4.0
5.4.1
5.5.0
5.6.0
5.7.0
5.8.0
5.9.0
5.10.0

6.*

6.0.0rc1
6.0.0
6.1.0
6.2.0
6.2.1
6.3.0
6.3.1
6.4.0
6.5.0

7.*

7.0.0b1
7.0.0rc1
7.0.0
7.0.1
7.1.0
7.1.1
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.6.1
7.7.0
7.8.0
7.9.0
7.10.0
7.10.1
7.10.2
7.11.0
7.11.1
7.12.0
7.13.0
7.14.0
7.15.0
7.16.0
7.16.1
7.16.2
7.16.3
7.17.0
7.18.0
7.18.1
7.19.0
7.20.0
7.21.0
7.22.0
7.23.0
7.23.1
7.24.0
7.24.1
7.25.0
7.26.0
7.27.0
7.28.0
7.29.0
7.30.0
7.30.1
7.31.0
7.31.1
7.32.0
7.33.0
7.34.0

8.*

8.0.0a1
8.0.0b1
8.0.0rc1
8.0.0
8.0.1
8.1.0
8.1.1
8.2.0
8.3.0
8.4.0
8.5.0
8.6.0
8.7.0
8.8.0
8.9.0

Ecosystem specific

{
    "affected_functions": [
        "IPython.utils.terminal.set_term_title"
    ]
}