Fluid Attacks Database

Description

IPython vulnerable to cross site request forgery (CSRF) IPython (Interactive Python) is a command shell. Cross-site request forgery in the REST API is possible in in IPython 2 and 3. Versions 2.4.1 and 3.2.3 contain patches.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	ipython	>=0.12 <2.4.1 \|\| >=3.0.0 <3.2.3	2.4.1, 3.2.3
debian 11	ipython	>=0 <2.4.1-1	2.4.1-1
debian 12	ipython	>=0 <2.4.1-1	2.4.1-1
debian 13	ipython	>=0 <2.4.1-1	2.4.1-1
debian 14	ipython	>=0 <2.4.1-1	2.4.1-1

Aliases

1. CVE-2015-56072. NVD-2015-56073. OSV-2015-56074. OSV-DEBIAN-2015-56075. GHSA-7fc2-rm35-2pp76. GCVE-2015-56077. SECURITY-TRACKER-CVE-2015-5607

References

1. https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f08162. https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b03. https://bugzilla.redhat.com/show_bug.cgi?id=12438424. https://github.com/pypa/advisory-database/tree/main/vulns/ipython/PYSEC-2017-47.yaml5. http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html6. http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html7. http://www.openwall.com/lists/oss-security/2015/07/21/3

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.