Описание
Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ipython | fixed | 2.4.1-1 | package | |
| ipython | no-dsa | jessie | package | |
| ipython | not-affected | wheezy | package | |
| ipython | not-affected | squeeze | package |
Примечания
https://github.com/ipython/ipython/commit/1fcc9943c000ab553ebc029db99ecbd0536960d6
https://www.openwall.com/lists/oss-security/2015/06/22/4
EPSS
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
Improper Neutralization of Input During Web Page Generation in IPython
EPSS