Safety vulnerability ID: 35550
The information on this page was manually curated by our Cybersecurity Intelligence Team.
IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.
Latest version: 8.30.0
IPython: Productive Interactive Computing
MLIST:[ipython-dev] 20140713 Vulnerability in IPython Notebook ≤ 1.1: http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198
MLIST:[oss-security] 20140715 IPython Notebook Cross 2014-3429: http://seclists.org/oss-sec/2014/q3/152
CONFIRM: http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython
CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1119890
CONFIRM: https://github.com/ipython/ipython/pull/4845
CONFIRM: http://advisories.mageia.org/MGASA-2014-0320.html
MANDRIVA:MDVSA-2015:160: http://www.mandriva.com/security/advisories?name=MDVSA-2015:160
SUSE:openSUSE-SU-2014:1060: http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html
XF:ipython-cve20143429-code-exec(94497): https://exchange.xforce.ibmcloud.com/vulnerabilities/94497