GHSA-29gw-9793-fvw7

Source

https://github.com/advisories/GHSA-29gw-9793-fvw7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-29gw-9793-fvw7/GHSA-29gw-9793-fvw7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-29gw-9793-fvw7

Aliases

CVE-2023-24816

Published

2023-02-10T19:55:53Z

Modified

2024-09-24T21:03:26.996573Z

Severity

4.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
2.0 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator

Summary

IPython vulnerable to command injection via set_term_title

Details

IPython provides an interactive Python shell and Jupyter kernel to use Python interactively. Versions prior to 8.10.0 are vulnerable to command injection in the set_term_title function under specific conditions. This has been patched in version 8.10.0.

Impact

Users are only vulnerable when calling this function in Windows in a Python environment where ctypes is not available. The dependency on ctypes in IPython.utils._process_win32 prevents the vulnerable code from ever being reached (making it effectively dead code). However, as a library that could be used by another tool, set_term_title could introduce a vulnerability for dependencies. Currently set_term_title is only called with (semi-)trusted input that contain the current working directory of the current IPython session. If an attacker can control directory names, and manage to get a user to cd into this directory, then the attacker can execute arbitrary commands contained in the folder names.

Database specific

{
    "nvd_published_at": "2023-02-10T20:15:00Z",
    "cwe_ids": [
        "CWE-20",
        "CWE-78"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-10T19:55:53Z"
}

References

Affected packages

PyPI / ipython

Package

Name: ipython; View open source insights on deps.dev
Purl: pkg:pypi/ipython

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.10.0

Affected versions

0.*

0.7.1.fix1

0.7.4.svn.r2010

0.6.4

0.6.5

0.6.6

0.6.7

0.6.8

0.6.9

0.6.10

0.6.11

0.6.12

0.6.13

0.6.14

0.6.15

0.7.0

0.7.1

0.7.2

0.7.3

0.8.0

0.8.1

0.8.2

0.8.3

0.8.4

0.9

0.9.1

0.10

0.10.1

0.10.2

0.11

0.12

0.12.1

0.13

0.13.1

0.13.2

1.*

1.0.0

1.1.0

1.2.0

1.2.1

2.*

2.0.0

2.1.0

2.2.0

2.3.0

2.3.1

2.4.0

2.4.1

3.*

3.0.0

3.1.0

3.2.0

3.2.1

3.2.2

3.2.3

4.*

4.0.0-b1

4.0.0b1

4.0.0

4.0.1

4.0.2

4.0.3

4.1.0rc1

4.1.0rc2

4.1.0

4.1.1

4.1.2

4.2.0

4.2.1

5.*

5.0.0b1

5.0.0b2

5.0.0b3

5.0.0b4

5.0.0rc1

5.0.0

5.1.0

5.2.0

5.2.1

5.2.2

5.3.0

5.4.0

5.4.1

5.5.0

5.6.0

5.7.0

5.8.0

5.9.0

5.10.0

6.*

6.0.0rc1

6.0.0

6.1.0

6.2.0

6.2.1

6.3.0

6.3.1

6.4.0

6.5.0

7.*

7.0.0b1

7.0.0rc1

7.0.0

7.0.1

7.1.0

7.1.1

7.2.0

7.3.0

7.4.0

7.5.0

7.6.0

7.6.1

7.7.0

7.8.0

7.9.0

7.10.0

7.10.1

7.10.2

7.11.0

7.11.1

7.12.0

7.13.0

7.14.0

7.15.0

7.16.0

7.16.1

7.16.2

7.16.3

7.17.0

7.18.0

7.18.1

7.19.0

7.20.0

7.21.0

7.22.0

7.23.0

7.23.1

7.24.0

7.24.1

7.25.0

7.26.0

7.27.0

7.28.0

7.29.0

7.30.0

7.30.1

7.31.0

7.31.1

7.32.0

7.33.0

7.34.0

8.*

8.0.0a1

8.0.0b1

8.0.0rc1

8.0.0

8.0.1

8.1.0

8.1.1

8.2.0

8.3.0

8.4.0

8.5.0

8.6.0

8.7.0

8.8.0

8.9.0

Ecosystem specific

{
    "affected_functions": [
        "IPython.utils.terminal.set_term_title"
    ]
}