6.8

CVE-2015-7337

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IpythonNotebook Version <= 3.2.1
JupyterNotebook Version4.0.0
JupyterNotebook Version4.0.1
JupyterNotebook Version4.0.2
JupyterNotebook Version4.0.3
JupyterNotebook Version4.0.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.69% 0.74
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html
http://seclists.org/oss-sec/2015/q3/558
http://seclists.org/oss-sec/2015/q3/634
https://bugzilla.redhat.com/show_bug.cgi?id=1264067
https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967
https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5
https://security.gentoo.org/glsa/201512-02