CVE-2023-24816 ipython

Package

Manager: pip
Name: ipython
Vulnerable Version: >=0 <8.10.0

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00417 pctl0.6095

Details

IPython vulnerable to command injection via set_term_title

IPython provides an interactive Python shell and Jupyter kernel for using Python interactively. Versions prior to 8.10.0 are vulnerable to command injection in the `set_term_title` [function](https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.py#L103-L117) under specific conditions. This has been patched in version 8.10.0.

Impact

Users are only vulnerable when calling this function on Windows in a Python environment where [ctypes](https://docs.python.org/3/library/ctypes.html) is not available. The dependency on ctypes in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached from IPython itself (making it effectively dead code). However, because IPython is a library that other tools import, `set_term_title` could introduce the vulnerability into those dependents. Currently `set_term_title` is only called with (semi-)trusted input that contains the current working directory of the IPython session. If an attacker can control directory names and can get a user to `cd` into such a directory, the attacker can execute arbitrary commands embedded in the folder names.
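The following is an added example, not code from the IPython project or from the advisory. It reconstructs only the one detail that matters, that the ctypes-less fallback concatenated the title into a `title ...` command run through the shell, and shows why a directory name can become a second command. It then shows the two mitigations a practitioner would reach for: set the title through the Win32 `SetConsoleTitleW` API with no shell at all (the approach IPython's primary code path already used), and, for any shell path that must remain, refuse titles containing cmd.exe metacharacters rather than trying to escape them. The `cmd_commands` splitter is a deliberately simplified model of cmd.exe parsing, the directory name is constructed, and nothing here is executed by a shell.

```python
import re
import sys
from typing import Dict, List

# Characters cmd.exe parses specially in an unquoted command line. The
# pre-8.10.0 fallback built os.system("title " + title) with no quoting,
# so any of these inside the title rewrites the command that runs.
CMD_METACHARS = re.compile(r'[&|<>^%!"\r\n]')


def vulnerable_title_command(title: str) -> str:
    """Reconstruction (not the project's code) of the string the old,
    ctypes-less fallback handed to os.system(): bare concatenation."""
    return "title " + title


def cmd_commands(command_line: str) -> List[str]:
    """Approximate how cmd.exe splits an unquoted line into separate commands
    on '&', '&&', '|' and '||'. Quoting is intentionally not modelled because
    the vulnerable path never quoted anything, so none applies."""
    parts = re.split(r"&&|\|\||[&|]", command_line)
    return [p.strip() for p in parts if p.strip()]


def hardened_title_command(title: str) -> str:
    """Defence in depth for a shell path that cannot be removed: reject any
    title that would parse as more than a single 'title' command. A deny-list
    check is used instead of escaping because cmd.exe quoting rules are not
    reliably invertible for arbitrary input."""
    if CMD_METACHARS.search(title):
        raise ValueError("title contains cmd.exe metacharacters; refusing to run")
    return "title " + title


def set_term_title_no_shell(title: str) -> bool:
    """The real fix: set the console title with no shell involved. On Windows
    call SetConsoleTitleW via ctypes; the title is passed as a single wide
    string, so its content is never parsed as a command. Returns True when a
    title was set; on other platforms (and when run offline here) it is a
    no-op that returns False."""
    if sys.platform != "win32":
        return False
    import ctypes  # only reached on Windows

    set_title = ctypes.windll.kernel32.SetConsoleTitleW
    set_title.argtypes = [ctypes.c_wchar_p]
    return bool(set_title(title))


def demo() -> Dict[str, object]:
    """Walk one attacker-controlled directory name through both paths."""
    # Constructed example: a folder name an attacker could ship inside a
    # repository or archive that the victim later cd's into.
    evil_cwd = r"C:\Users\bob\repo\docs & calc.exe"

    vuln = vulnerable_title_command(evil_cwd)
    result: Dict[str, object] = {
        "command": vuln,
        "parsed": cmd_commands(vuln),  # two commands, the second is calc.exe
    }

    try:
        hardened_title_command(evil_cwd)
        result["hardened_rejected"] = False
    except ValueError:
        result["hardened_rejected"] = True

    # A normal path still works through the hardened guard.
    result["benign_ok"] = (
        hardened_title_command(r"C:\Users\bob\repo") == r"title C:\Users\bob\repo"
    )
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the concatenated string splitting into `title C:\Users\bob\repo\docs` followed by `calc.exe`, while the guarded builder rejects the same name and the API-based setter never consults a shell. The rejection list is conservative on purpose; a shorter one is easy to get wrong, which is why removing the shell call entirely is the better fix.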

Metadata

Created: 2023-02-10T19:55:53Z
Modified: 2024-09-24T20:44:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-29gw-9793-fvw7/GHSA-29gw-9793-fvw7.json
CWE IDs: ["CWE-20", "CWE-78"]
Alternative ID: GHSA-29gw-9793-fvw7
Finding: F004
Auto approve: 1