GHSA-92mr-v722-f48m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-92mr-v722-f48m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-92mr-v722-f48m/GHSA-92mr-v722-f48m.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-92mr-v722-f48m
- Aliases
-
- CVE-2015-7337
- PYSEC-2015-25
- PYSEC-2015-27
- Published
- 2022-05-17T03:25:49Z
- Modified
- 2024-09-20T22:11:36.501173Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Improper Input Validation in Jupyter Notebook
- Details
-
The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.
- Database specific
{ "nvd_published_at": "2015-09-29T19:59:00Z", "cwe_ids": [ "CWE-20" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2022-07-06T20:09:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-7337
- https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967
- https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5
- https://bugzilla.redhat.com/show_bug.cgi?id=1264067
- https://github.com/advisories/GHSA-92mr-v722-f48m
- https://github.com/pypa/advisory-database/tree/main/vulns/ipython/PYSEC-2015-25.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2015-27.yaml
- https://security.gentoo.org/glsa/201512-02
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html
- http://seclists.org/oss-sec/2015/q3/558
- http://seclists.org/oss-sec/2015/q3/634
Affected packages
PyPI / notebook
Package
- Name
- notebook
- View open source insights on deps.dev
- Purl
- pkg:pypi/notebook
PyPI / ipython
Package
- Name
- ipython
- View open source insights on deps.dev
- Purl
- pkg:pypi/ipython
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.2.2
Affected versions
0.*
0.7.1.fix1
0.7.4.svn.r2010
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.6.10
0.6.11
0.6.12
0.6.13
0.6.14
0.6.15
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.9
0.9.1
0.10
0.10.1
0.10.2
0.11
0.12
0.12.1
0.13
0.13.1
0.13.2
1.*
1.0.0
1.1.0
1.2.0
1.2.1
2.*
2.0.0
2.1.0
2.2.0
2.3.0
2.3.1
2.4.0
2.4.1
3.*
3.0.0
3.1.0
3.2.0
3.2.1