CVE-2015-7337

EPSS 0.78%
Veröffentlicht 29.09.2015 19:59:07
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ipython ≫ Notebook Version <= 3.2.1

Jupyter ≫ Notebook Version4.0.0

Jupyter ≫ Notebook Version4.0.1

Jupyter ≫ Notebook Version4.0.2

Jupyter ≫ Notebook Version4.0.3

Jupyter ≫ Notebook Version4.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.78%	0.713

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html

http://seclists.org/oss-sec/2015/q3/558

http://seclists.org/oss-sec/2015/q3/634

https://bugzilla.redhat.com/show_bug.cgi?id=1264067

https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967

https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5

https://security.gentoo.org/glsa/201512-02

https://nvd.nist.gov/vuln/detail/CVE-2015-7337

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7337

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7337

EUVD