PT-2015-7414 · Project Jupyter · Ipython Notebook+1

Juan Broullón

Published

2015-09-15

Updated

2022-05-14

CVE-2015-6938

CVSS v4.0

5.3

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions IPython Notebook versions prior to 3.2.2 Jupyter Notebook versions 4.0.x prior to 4.0.5

Description A cross-site scripting (XSS) issue exists in the file browser component of the notebook application, allowing remote attackers to inject arbitrary web script or HTML via a folder name.

Recommendations For IPython Notebook versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue. For Jupyter Notebook versions 4.0.x prior to 4.0.5, update to version 4.0.5 or later to resolve the issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2015-6938

GHSA-4VWQ-X64Q-J4CJ

MGASA-2015-0372

PYSEC-2015-24

PYSEC-2015-26

Affected Products

Ipython Notebook

Jupyter Notebook

PT-2015-7414 · Project Jupyter · Ipython Notebook+1

CVE-2015-6938

Weakness Enumeration

Related Identifiers

Affected Products

References · 27