GHSA-66gw-5xpf-gfp5

Source

https://github.com/advisories/GHSA-66gw-5xpf-gfp5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-66gw-5xpf-gfp5/GHSA-66gw-5xpf-gfp5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-66gw-5xpf-gfp5

Aliases

Published

2022-05-13T01:31:05Z

Modified

2024-09-23T16:38:38.984670Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator

Summary

Improper Neutralization of Input During Web Page Generation in IPython

Details

Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.

Database specific

{
    "nvd_published_at": "2017-09-20T18:29:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-06T20:15:29Z"
}

References

Affected packages

PyPI / ipython

Package

Name: ipython; View open source insights on deps.dev
Purl: pkg:pypi/ipython

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.0

Affected versions

0.*

0.7.1.fix1

0.7.4.svn.r2010

0.6.4

0.6.5

0.6.6

0.6.7

0.6.8

0.6.9

0.6.10

0.6.11

0.6.12

0.6.13

0.6.14

0.6.15

0.7.0

0.7.1

0.7.2

0.7.3

0.8.0

0.8.1

0.8.2

0.8.3

0.8.4

0.9

0.9.1

0.10

0.10.1

0.10.2

0.11

0.12

0.12.1

0.13

0.13.1

0.13.2

1.*

1.0.0

1.1.0

1.2.0

1.2.1

2.*

2.0.0

2.1.0

2.2.0

2.3.0

2.3.1

2.4.0

2.4.1

3.*

3.0.0

3.1.0