cvelistv5 - cve-2015-5607

CVE-2015-5607 (GCVE-0-2015-5607)

Vulnerability from cvelistv5 – Published: 2017-09-20 16:00 – Updated: 2024-08-06 06:50

Summary

Cross-site request forgery in the REST API in IPython 2 and 3.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=1243842	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	https://github.com/ipython/ipython/commit/1415a97…	x_refsource_CONFIRM
	https://github.com/ipython/ipython/commit/a05fe05…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/07/21/3	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:50:03.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243842"
          },
          {
            "name": "FEDORA-2015-11677",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html"
          },
          {
            "name": "FEDORA-2015-11767",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0"
          },
          {
            "name": "[oss-security] 20150721 Re: CVE request: IPython CSRF validation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/07/21/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery in the REST API in IPython 2 and 3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-20T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243842"
        },
        {
          "name": "FEDORA-2015-11677",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html"
        },
        {
          "name": "FEDORA-2015-11767",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0"
        },
        {
          "name": "[oss-security] 20150721 Re: CVE request: IPython CSRF validation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/07/21/3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-5607",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery in the REST API in IPython 2 and 3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1243842",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243842"
            },
            {
              "name": "FEDORA-2015-11677",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html"
            },
            {
              "name": "FEDORA-2015-11767",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html"
            },
            {
              "name": "https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816",
              "refsource": "CONFIRM",
              "url": "https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816"
            },
            {
              "name": "https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0",
              "refsource": "CONFIRM",
              "url": "https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0"
            },
            {
              "name": "[oss-security] 20150721 Re: CVE request: IPython CSRF validation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/07/21/3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-5607",
    "datePublished": "2017-09-20T16:00:00",
    "dateReserved": "2015-07-20T00:00:00",
    "dateUpdated": "2024-08-06T06:50:03.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipython:ipython:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF0DEE4D-458E-4D55-91C0-9E07C6BE1FE7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipython:ipython:2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50660405-BD6C-47FA-84D1-602D046204E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipython:ipython:2.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FF16C33-8CEE-4E38-BF14-3E92BEF5A514\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipython:ipython:2.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"713D4937-4E9F-4792-AB53-C37D5EC4AFBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipython:ipython:2.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BDA19F0-6B07-479A-BD1B-E8D1ABB33AD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipython:ipython:2.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63B100B7-E055-4A30-93E9-E8E9F17A4259\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipython:ipython:2.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93892A0D-61CF-4048-873F-EFBAD362E3A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipython:ipython:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"790A7C14-145B-4683-AA47-E4B113CB97B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipython:ipython:3.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9B56190-B31B-46E3-82D0-07E19EE0B5A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipython:ipython:3.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A7E697C-F3B6-49A5-A161-2D0BCB4252B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipython:ipython:3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BE5F8AA-DB37-455C-8464-8210FDBAF5A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipython:ipython:3.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EA1597B-DEEF-41C5-B38F-BF04E43556B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipython:ipython:3.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C26A84F-A1E5-4586-A8F3-F6B3157FE5A9\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56BDB5A0-0839-4A20-A003-B8CD56F48171\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"253C303A-E577-4488-93E6-68A8DD942C38\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site request forgery in the REST API in IPython 2 and 3.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabillidad de tipo Cross-Site Request Forgery (CSRF) en IPython 2 y 3.\"}]",
      "id": "CVE-2015-5607",
      "lastModified": "2024-11-21T02:33:23.240",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-09-20T16:29:00.753",
      "references": "[{\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/07/21/3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1243842\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/07/21/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1243842\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-5607\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-09-20T16:29:00.753\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site request forgery in the REST API in IPython 2 and 3.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabillidad de tipo Cross-Site Request Forgery (CSRF) en IPython 2 y 3.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipython:ipython:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF0DEE4D-458E-4D55-91C0-9E07C6BE1FE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipython:ipython:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50660405-BD6C-47FA-84D1-602D046204E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipython:ipython:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FF16C33-8CEE-4E38-BF14-3E92BEF5A514\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipython:ipython:2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"713D4937-4E9F-4792-AB53-C37D5EC4AFBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipython:ipython:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BDA19F0-6B07-479A-BD1B-E8D1ABB33AD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipython:ipython:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63B100B7-E055-4A30-93E9-E8E9F17A4259\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipython:ipython:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93892A0D-61CF-4048-873F-EFBAD362E3A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipython:ipython:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"790A7C14-145B-4683-AA47-E4B113CB97B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipython:ipython:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9B56190-B31B-46E3-82D0-07E19EE0B5A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipython:ipython:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A7E697C-F3B6-49A5-A161-2D0BCB4252B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipython:ipython:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BE5F8AA-DB37-455C-8464-8210FDBAF5A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipython:ipython:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EA1597B-DEEF-41C5-B38F-BF04E43556B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipython:ipython:3.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C26A84F-A1E5-4586-A8F3-F6B3157FE5A9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56BDB5A0-0839-4A20-A003-B8CD56F48171\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"253C303A-E577-4488-93E6-68A8DD942C38\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/07/21/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1243842\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/07/21/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1243842\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

PYSEC-2017-47

Vulnerability from pysec - Published: 2017-09-20 16:29 - Updated: 2021-07-15 02:22

Details

Cross-site request forgery in the REST API in IPython 2 and 3.

Impacted products

Name	purl
ipython	pkg:pypi/ipython

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ipython",
        "purl": "pkg:pypi/ipython"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "a05fe052a18810e92d9be8c1185952c13fe4e5b0"
            },
            {
              "fixed": "1415a9710407e7c14900531813c15ba6165f0816"
            }
          ],
          "repo": "https://github.com/ipython/ipython",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.10",
        "0.10.1",
        "0.10.2",
        "0.11",
        "0.12",
        "0.12.1",
        "0.13",
        "0.13.1",
        "0.13.2",
        "0.6.10",
        "0.6.11",
        "0.6.12",
        "0.6.13",
        "0.6.14",
        "0.6.15",
        "0.6.4",
        "0.6.5",
        "0.6.6",
        "0.6.7",
        "0.6.8",
        "0.6.9",
        "0.7.0",
        "0.7.1",
        "0.7.1.fix1",
        "0.7.2",
        "0.7.3",
        "0.7.4.svn.r2010",
        "0.8.0",
        "0.8.1",
        "0.8.2",
        "0.8.3",
        "0.8.4",
        "0.9",
        "0.9.1",
        "1.0.0",
        "1.1.0",
        "1.2.0",
        "1.2.1",
        "2.0.0",
        "2.1.0",
        "2.2.0",
        "2.3.0",
        "2.3.1",
        "2.4.0",
        "2.4.1",
        "3.0.0",
        "3.1.0",
        "3.2.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2015-5607",
    "GHSA-7fc2-rm35-2pp7"
  ],
  "details": "Cross-site request forgery in the REST API in IPython 2 and 3.",
  "id": "PYSEC-2017-47",
  "modified": "2021-07-15T02:22:14.864070Z",
  "published": "2017-09-20T16:29:00Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0"
    },
    {
      "type": "FIX",
      "url": "https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243842"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/07/21/3"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-7fc2-rm35-2pp7"
    }
  ]
}

GSD-2015-5607

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Cross-site request forgery in the REST API in IPython 2 and 3.

Aliases

CVE-2015-5607

Aliases

CVE-2015-5607

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-5607",
    "description": "Cross-site request forgery in the REST API in IPython 2 and 3.",
    "id": "GSD-2015-5607",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-5607.html",
      "https://advisories.mageia.org/CVE-2015-5607.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-5607"
      ],
      "details": "Cross-site request forgery in the REST API in IPython 2 and 3.",
      "id": "GSD-2015-5607",
      "modified": "2023-12-13T01:20:06.399690Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-5607",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site request forgery in the REST API in IPython 2 and 3."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1243842",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243842"
          },
          {
            "name": "FEDORA-2015-11677",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html"
          },
          {
            "name": "FEDORA-2015-11767",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html"
          },
          {
            "name": "https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816",
            "refsource": "CONFIRM",
            "url": "https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816"
          },
          {
            "name": "https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0",
            "refsource": "CONFIRM",
            "url": "https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0"
          },
          {
            "name": "[oss-security] 20150721 Re: CVE request: IPython CSRF validation",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2015/07/21/3"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=0.12,\u003c2.4.1||\u003e=3.0.0,\u003c3.2.3",
          "affected_versions": "All versions starting from 0.12 before 2.4.1, all versions starting from 3.0.0 before 3.2.3",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-352",
            "CWE-937"
          ],
          "date": "2022-06-03",
          "description": "Cross-site request forgery in the REST API in IPython 2 and 3.",
          "fixed_versions": [
            "2.4.1",
            "3.2.3"
          ],
          "identifier": "CVE-2015-5607",
          "identifiers": [
            "GHSA-7fc2-rm35-2pp7",
            "CVE-2015-5607"
          ],
          "not_impacted": "All versions before 0.12, all versions starting from 2.4.1 before 3.0.0, all versions starting from 3.2.3",
          "package_slug": "pypi/ipython",
          "pubdate": "2022-05-17",
          "solution": "Upgrade to versions 2.4.1, 3.2.3 or above.",
          "title": "Cross-Site Request Forgery (CSRF)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2015-5607",
            "https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816",
            "https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1243842",
            "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html",
            "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html",
            "http://www.openwall.com/lists/oss-security/2015/07/21/3",
            "https://github.com/advisories/GHSA-7fc2-rm35-2pp7"
          ],
          "uuid": "23da7d87-8bf5-4d3e-b445-cbc8769d9686"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ipython:ipython:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipython:ipython:2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipython:ipython:2.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipython:ipython:2.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipython:ipython:3.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipython:ipython:3.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipython:ipython:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipython:ipython:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipython:ipython:2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipython:ipython:2.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipython:ipython:2.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipython:ipython:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipython:ipython:3.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-5607"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site request forgery in the REST API in IPython 2 and 3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0"
            },
            {
              "name": "https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1243842",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243842"
            },
            {
              "name": "[oss-security] 20150721 Re: CVE request: IPython CSRF validation",
              "refsource": "MLIST",
              "tags": [
                "Exploit",
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/07/21/3"
            },
            {
              "name": "FEDORA-2015-11767",
              "refsource": "FEDORA",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html"
            },
            {
              "name": "FEDORA-2015-11677",
              "refsource": "FEDORA",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-10-05T14:31Z",
      "publishedDate": "2017-09-20T16:29Z"
    }
  }
}

GHSA-7FC2-RM35-2PP7

Vulnerability from github – Published: 2022-05-17 00:35 – Updated: 2024-09-27 15:40

Summary

IPython vulnerable to cross site request forgery (CSRF)

Details

IPython (Interactive Python) is a command shell. Cross-site request forgery in the REST API is possible in in IPython 2 and 3. Versions 2.4.1 and 3.2.3 contain patches.

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ipython"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.12"
            },
            {
              "fixed": "2.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ipython"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-5607"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-03T15:42:47Z",
    "nvd_published_at": "2017-09-20T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "IPython (Interactive Python) is a command shell. Cross-site request forgery in the REST API is possible in in IPython 2 and 3. Versions 2.4.1 and 3.2.3 contain patches.",
  "id": "GHSA-7fc2-rm35-2pp7",
  "modified": "2024-09-27T15:40:37Z",
  "published": "2022-05-17T00:35:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5607"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243842"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-7fc2-rm35-2pp7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ipython/ipython"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ipython/PYSEC-2017-47.yaml"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/07/21/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "IPython vulnerable to cross site request forgery (CSRF)"
}

FKIE_CVE-2015-5607

Vulnerability from fkie_nvd - Published: 2017-09-20 16:29 - Updated: 2025-04-20 01:37

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Cross-site request forgery in the REST API in IPython 2 and 3.

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html	Issue Tracking, Third Party Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html	Issue Tracking, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/07/21/3	Exploit, Mailing List, Patch, Third Party Advisory
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=1243842	Issue Tracking, Patch
cve@mitre.org	https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816	Patch, Third Party Advisory
cve@mitre.org	https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/07/21/3	Exploit, Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1243842	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
ipython	ipython	2.0.0
ipython	ipython	2.1.0
ipython	ipython	2.2.0
ipython	ipython	2.3.0
ipython	ipython	2.3.1
ipython	ipython	2.4.0
ipython	ipython	2.4.1
ipython	ipython	3.0.0
ipython	ipython	3.1.0
ipython	ipython	3.2.0
ipython	ipython	3.2.1
ipython	ipython	3.2.2
ipython	ipython	3.2.3
fedoraproject	fedora	21
fedoraproject	fedora	22

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ipython:ipython:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF0DEE4D-458E-4D55-91C0-9E07C6BE1FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipython:ipython:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50660405-BD6C-47FA-84D1-602D046204E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipython:ipython:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF16C33-8CEE-4E38-BF14-3E92BEF5A514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipython:ipython:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "713D4937-4E9F-4792-AB53-C37D5EC4AFBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipython:ipython:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BDA19F0-6B07-479A-BD1B-E8D1ABB33AD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipython:ipython:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "63B100B7-E055-4A30-93E9-E8E9F17A4259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipython:ipython:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "93892A0D-61CF-4048-873F-EFBAD362E3A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipython:ipython:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "790A7C14-145B-4683-AA47-E4B113CB97B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipython:ipython:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9B56190-B31B-46E3-82D0-07E19EE0B5A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipython:ipython:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A7E697C-F3B6-49A5-A161-2D0BCB4252B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipython:ipython:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BE5F8AA-DB37-455C-8464-8210FDBAF5A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipython:ipython:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EA1597B-DEEF-41C5-B38F-BF04E43556B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipython:ipython:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C26A84F-A1E5-4586-A8F3-F6B3157FE5A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
              "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery in the REST API in IPython 2 and 3."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabillidad de tipo Cross-Site Request Forgery (CSRF) en IPython 2 y 3."
    }
  ],
  "id": "CVE-2015-5607",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-20T16:29:00.753",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/07/21/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243842"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/07/21/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243842"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-35376

Vulnerability from cnvd - Published: 2017-11-29

Title

IPython跨站请求伪造漏洞

Description

IPython是IPython团队开发的一个Python的原生交互式shell的增强版。REST API是其中的一个支持轻量级REST风格Web脚本的API。 IPython 2版本和3版本中的REST API存在跨站请求伪造漏洞。远程攻击者可利用该漏洞执行未授权的操作。

Severity

中

Patch Name

IPython跨站请求伪造漏洞的补丁

Patch Description

IPython是IPython团队开发的一个Python的原生交互式shell的增强版。REST API是其中的一个支持轻量级REST风格Web脚本的API。 IPython 2版本和3版本中的REST API存在跨站请求伪造漏洞。远程攻击者可利用该漏洞执行未授权的操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html

Impacted products

Name
['IPython IPython 2', 'IPython IPython 3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5607"
    }
  },
  "description": "IPython\u662fIPython\u56e2\u961f\u5f00\u53d1\u7684\u4e00\u4e2aPython\u7684\u539f\u751f\u4ea4\u4e92\u5f0fshell\u7684\u589e\u5f3a\u7248\u3002REST API\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u652f\u6301\u8f7b\u91cf\u7ea7REST\u98ce\u683cWeb\u811a\u672c\u7684API\u3002\r\n\r\nIPython 2\u7248\u672c\u548c3\u7248\u672c\u4e2d\u7684REST API\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\u3002",
  "discovererName": "Vasyl Kaigorodov",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-35376",
  "openTime": "2017-11-29",
  "patchDescription": "IPython\u662fIPython\u56e2\u961f\u5f00\u53d1\u7684\u4e00\u4e2aPython\u7684\u539f\u751f\u4ea4\u4e92\u5f0fshell\u7684\u589e\u5f3a\u7248\u3002REST API\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u652f\u6301\u8f7b\u91cf\u7ea7REST\u98ce\u683cWeb\u811a\u672c\u7684API\u3002\r\n\r\nIPython 2\u7248\u672c\u548c3\u7248\u672c\u4e2d\u7684REST API\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IPython\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IPython IPython 2",
      "IPython IPython 3"
    ]
  },
  "referenceLink": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html",
  "serverity": "\u4e2d",
  "submitTime": "2017-09-22",
  "title": "IPython\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-5607 (GCVE-0-2015-5607)

PYSEC-2017-47

GSD-2015-5607

GHSA-7FC2-RM35-2PP7

FKIE_CVE-2015-5607

CNVD-2017-35376

Tags

Sightings

Nomenclature