8.8

CVE-2015-5607

Exploit

Cross-site request forgery in the REST API in IPython 2 and 3.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IpythonIpython Version2.0.0
IpythonIpython Version2.1.0
IpythonIpython Version2.2.0
IpythonIpython Version2.3.0
IpythonIpython Version2.3.1
IpythonIpython Version2.4.0
IpythonIpython Version2.4.1
IpythonIpython Version3.0.0
IpythonIpython Version3.1.0
IpythonIpython Version3.2.0
IpythonIpython Version3.2.1
IpythonIpython Version3.2.2
IpythonIpython Version3.2.3
FedoraprojectFedora Version21
FedoraprojectFedora Version22
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.457
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://www.openwall.com/lists/oss-security/2015/07/21/3
Patch
Third Party Advisory
Exploit
Mailing List