CVE-2015-4707

Advisory

Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.


MLIST:[oss-security] 20150622 Re: CVE request: IPython XSS in JSON error responses: http://www.openwall.com/lists/oss-security/2015/06/22/7
CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1235688: https://bugzilla.redhat.com/show_bug.cgi?id=1235688
CONFIRM:https://github.com/ipython/ipython/commit/7222bd53ad089a65fd610fab4626f9d0ab47dfce: https://github.com/ipython/ipython/commit/7222bd53ad089a65fd610fab4626f9d0ab47dfce
CONFIRM:https://github.com/ipython/ipython/commit/c2078a53543ed502efd968649fee1125e0eb549c: https://github.com/ipython/ipython/commit/c2078a53543ed502efd968649fee1125e0eb549c
CONFIRM:https://ipython.org/ipython-doc/3/whatsnew/version3.html: https://ipython.org/ipython-doc/3/whatsnew/version3.html
BID:75328: http://www.securityfocus.com/bid/75328

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4707
• https://ipython.org/ipython-doc/3/whatsnew/version3.html
• https://github.com/ipython/ipython/commit/c2078a53543ed502efd968649fee1125e0eb549c
• https://github.com/ipython/ipython/commit/7222bd53ad089a65fd610fab4626f9d0ab47dfce
• https://bugzilla.redhat.com/show_bug.cgi?id=1235688
• http://www.openwall.com/lists/oss-security/2015/06/22/7
• http://www.securityfocus.com/bid/75328