Описание
IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.
Ссылки
- Third Party Advisory
- Press/Media CoverageTechnical Description
- Third Party Advisory
- Broken Link
- Third Party AdvisoryVDB Entry
- Broken Link
- Issue Tracking
- Issue TrackingPatch
- Third Party Advisory
- Press/Media CoverageTechnical Description
- Third Party Advisory
- Broken Link
- Third Party AdvisoryVDB Entry
- Broken Link
- Issue Tracking
- Issue TrackingPatch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:ipython:ipython_notebook:0.12:*:*:*:*:*:*:*
cpe:2.3:a:ipython:ipython_notebook:0.12.1:*:*:*:*:*:*:*
cpe:2.3:a:ipython:ipython_notebook:0.13:*:*:*:*:*:*:*
cpe:2.3:a:ipython:ipython_notebook:0.13.1:*:*:*:*:*:*:*
cpe:2.3:a:ipython:ipython_notebook:0.13.2:*:*:*:*:*:*:*
cpe:2.3:a:ipython:ipython_notebook:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ipython:ipython_notebook:1.1.0:*:*:*:*:*:*:*
Конфигурация 3
Одно из
cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*
cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02089
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
ubuntu
больше 11 лет назад
IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.
debian
больше 11 лет назад
IPython Notebook 0.12 through 1.x before 1.2 does not validate the ori ...
CVSS3: 9.8
github
больше 3 лет назад
IPython Notebook vulnerable to improper validation of the origin of websocket requests
EPSS
Процентиль: 84%
0.02089
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-94