CVE-2015-7337

EPSS 0.78%
Published 29.09.2015 19:59:07
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Ipython ≫ Notebook Version <= 3.2.1

Jupyter ≫ Notebook Version4.0.0

Jupyter ≫ Notebook Version4.0.1

Jupyter ≫ Notebook Version4.0.2

Jupyter ≫ Notebook Version4.0.3

Jupyter ≫ Notebook Version4.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.78%	0.713

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html

http://seclists.org/oss-sec/2015/q3/558

http://seclists.org/oss-sec/2015/q3/634

https://bugzilla.redhat.com/show_bug.cgi?id=1264067

https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967

https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5

https://security.gentoo.org/glsa/201512-02

https://nvd.nist.gov/vuln/detail/CVE-2015-7337

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7337

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7337

EUVD