PT-2015-7525 · Project Jupyter · Ipython Notebook+1

Adam Mariš

Published

2015-09-29

Updated

2022-05-17

CVE-2015-7337

CVSS v4.0

9.3

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions IPython Notebook versions prior to 3.2.2 Jupyter Notebook versions 4.0.x prior to 4.0.5

Description The issue allows remote attackers to execute arbitrary JavaScript code via a crafted file. This is related to MIME types and triggers a redirect to files/.

Recommendations For IPython Notebook versions prior to 3.2.2, update to version 3.2.2 or later. For Jupyter Notebook versions 4.0.x prior to 4.0.5, update to version 4.0.5 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2015-7337

GHSA-92MR-V722-F48M

PYSEC-2015-25

PYSEC-2015-27

Affected Products

Ipython Notebook

Jupyter Notebook

PT-2015-7525 · Project Jupyter · Ipython Notebook+1

CVE-2015-7337

Weakness Enumeration

Related Identifiers

Affected Products

References · 18