Carreau

**Name of the Vulnerable Software and Affected Versions** IPython versions prior to 8.10.0 **Description** The issue exists due to the lack of neutralization of special elements used in the operating system command. Exploitation of this issue may allow an attacker to execute arbitrary commands by providing specially crafted data to the application. This vulnerability requires the `IPython.utils.terminal.set term title` function to be called on Windows in a Python environment where `ctypes` is not available. The vulnerability can be exploited if an attacker can control directory names and manage to get a user to change into this directory, then the attacker can execute arbitrary commands contained in the folder names. **Recommendations** For versions prior to 8.10.0, users are advised to upgrade to version 8.10.0 or later. For users unable to upgrade, ensure that any calls to the `IPython.utils.terminal.set term title` function are done with trusted or filtered input. As a temporary workaround, consider restricting access to the `set term title` function until a patch is available.