6.8
CVE-2015-7337
- EPSS 1.69%
- Veröffentlicht 29.09.2015 19:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.69% | 0.74 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html
http://seclists.org/oss-sec/2015/q3/558
http://seclists.org/oss-sec/2015/q3/634
https://bugzilla.redhat.com/show_bug.cgi?id=1264067
https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967
https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5
https://security.gentoo.org/glsa/201512-02