8.8

CVE-2015-5607

Exploit
Cross-site request forgery in the REST API in IPython 2 and 3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IpythonIpython Version2.0.0
IpythonIpython Version2.1.0
IpythonIpython Version2.2.0
IpythonIpython Version2.3.0
IpythonIpython Version2.3.1
IpythonIpython Version2.4.0
IpythonIpython Version2.4.1
IpythonIpython Version3.0.0
IpythonIpython Version3.1.0
IpythonIpython Version3.2.0
IpythonIpython Version3.2.1
IpythonIpython Version3.2.2
IpythonIpython Version3.2.3
FedoraprojectFedora Version21
FedoraprojectFedora Version22
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.2% 0.642
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html
Third Party Advisory
Issue Tracking
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html
Third Party Advisory
Issue Tracking
http://www.openwall.com/lists/oss-security/2015/07/21/3
Patch
Third Party Advisory
Exploit
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=1243842
Patch
Issue Tracking
https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816
Patch
Third Party Advisory
https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0
Patch
Third Party Advisory