CVE-2014-3429 – ipython

Package

Manager: pip
Name: ipython
Vulnerable Version: >=0.12 <1.2.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

EPSS: 0.02089 pctl0.83349

Details

IPython Notebook vulnerable to improper validation of the origin of websocket requests IPython Notebook 0.12 through 1.x before 1.2.0 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.

Metadata

Created: 2022-05-14T02:05:20Z
Modified: 2024-09-23T16:59:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-75cw-5cgv-g853/GHSA-75cw-5cgv-g853.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-75cw-5cgv-g853
Finding: F422
Auto approve: 1