cvelistv5 - cve-2023-24816

Source	URL	Tags
security-advisories@github.com	https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.py#L103-L117	Issue Tracking
security-advisories@github.com	https://github.com/ipython/ipython/blob/56e6925dfa50e2c7f4a6471547b8176275db7c25/IPython/utils/_process_win32.py#L20	Issue Tracking
security-advisories@github.com	https://github.com/ipython/ipython/commit/385d69325319a5972ee9b5983638e3617f21cb1f	Patch
security-advisories@github.com	https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7	Exploit, Mitigation, Vendor Advisory

Vendor	Product
ipython	ipython

pysec-2023-17

Vulnerability from pysec

Published

2023-02-10 20:15

Modified

2023-05-04 03:49

Details

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function IPython.utils.terminal.set_term_title be called on Windows in a Python environment where ctypes is not available. The dependency on ctypes in IPython.utils._process_win32 prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool set_term_title could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the IPython.utils.terminal.set_term_title function are done with trusted or filtered input.

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ipython",
        "purl": "pkg:pypi/ipython"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "385d69325319a5972ee9b5983638e3617f21cb1f"
            }
          ],
          "repo": "https://github.com/ipython/ipython",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.10.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.10",
        "0.10.1",
        "0.10.2",
        "0.11",
        "0.12",
        "0.12.1",
        "0.13",
        "0.13.1",
        "0.13.2",
        "0.6.10",
        "0.6.11",
        "0.6.12",
        "0.6.13",
        "0.6.14",
        "0.6.15",
        "0.6.4",
        "0.6.5",
        "0.6.6",
        "0.6.7",
        "0.6.8",
        "0.6.9",
        "0.7.0",
        "0.7.1",
        "0.7.1.fix1",
        "0.7.2",
        "0.7.3",
        "0.7.4.svn.r2010",
        "0.8.0",
        "0.8.1",
        "0.8.2",
        "0.8.3",
        "0.8.4",
        "0.9",
        "0.9.1",
        "1.0.0",
        "1.1.0",
        "1.2.0",
        "1.2.1",
        "2.0.0",
        "2.1.0",
        "2.2.0",
        "2.3.0",
        "2.3.1",
        "2.4.0",
        "2.4.1",
        "3.0.0",
        "3.1.0",
        "3.2.0",
        "3.2.1",
        "3.2.2",
        "3.2.3",
        "4.0.0",
        "4.0.0-b1",
        "4.0.0b1",
        "4.0.1",
        "4.0.2",
        "4.0.3",
        "4.1.0",
        "4.1.0rc1",
        "4.1.0rc2",
        "4.1.1",
        "4.1.2",
        "4.2.0",
        "4.2.1",
        "5.0.0",
        "5.0.0b1",
        "5.0.0b2",
        "5.0.0b3",
        "5.0.0b4",
        "5.0.0rc1",
        "5.1.0",
        "5.10.0",
        "5.2.0",
        "5.2.1",
        "5.2.2",
        "5.3.0",
        "5.4.0",
        "5.4.1",
        "5.5.0",
        "5.6.0",
        "5.7.0",
        "5.8.0",
        "5.9.0",
        "6.0.0",
        "6.0.0rc1",
        "6.1.0",
        "6.2.0",
        "6.2.1",
        "6.3.0",
        "6.3.1",
        "6.4.0",
        "6.5.0",
        "7.0.0",
        "7.0.0b1",
        "7.0.0rc1",
        "7.0.1",
        "7.1.0",
        "7.1.1",
        "7.10.0",
        "7.10.1",
        "7.10.2",
        "7.11.0",
        "7.11.1",
        "7.12.0",
        "7.13.0",
        "7.14.0",
        "7.15.0",
        "7.16.0",
        "7.16.1",
        "7.16.2",
        "7.16.3",
        "7.17.0",
        "7.18.0",
        "7.18.1",
        "7.19.0",
        "7.2.0",
        "7.20.0",
        "7.21.0",
        "7.22.0",
        "7.23.0",
        "7.23.1",
        "7.24.0",
        "7.24.1",
        "7.25.0",
        "7.26.0",
        "7.27.0",
        "7.28.0",
        "7.29.0",
        "7.3.0",
        "7.30.0",
        "7.30.1",
        "7.31.0",
        "7.31.1",
        "7.32.0",
        "7.33.0",
        "7.34.0",
        "7.4.0",
        "7.5.0",
        "7.6.0",
        "7.6.1",
        "7.7.0",
        "7.8.0",
        "7.9.0",
        "8.0.0",
        "8.0.0a1",
        "8.0.0b1",
        "8.0.0rc1",
        "8.0.1",
        "8.1.0",
        "8.1.1",
        "8.2.0",
        "8.3.0",
        "8.4.0",
        "8.5.0",
        "8.6.0",
        "8.7.0",
        "8.8.0",
        "8.9.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2023-24816",
    "GHSA-29gw-9793-fvw7"
  ],
  "details": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool `set_term_title` could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the `IPython.utils.terminal.set_term_title` function are done with trusted or filtered input.",
  "id": "PYSEC-2023-17",
  "modified": "2023-05-04T03:49:45.922825Z",
  "published": "2023-02-10T20:15:00Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.py#L103-L117"
    },
    {
      "type": "FIX",
      "url": "https://github.com/ipython/ipython/commit/385d69325319a5972ee9b5983638e3617f21cb1f"
    },
    {
      "type": "EVIDENCE",
      "url": "https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/ipython/ipython/blob/56e6925dfa50e2c7f4a6471547b8176275db7c25/IPython/utils/_process_win32.py#L20"
    }
  ]
}

ghsa-29gw-9793-fvw7

Vulnerability from github

Published

2023-02-10 19:55

Modified

2023-02-10 22:08

Severity

4.5 (Medium) - CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Summary

IPython vulnerable to command injection via set_term_title

Details

IPython provides an interactive Python shell and Jupyter kernel to use Python interactively. Versions prior to 8.10.0 are vulnerable to command injection in the set_term_title function under specific conditions. This has been patched in version 8.10.0.

Impact

Users are only vulnerable when calling this function in Windows in a Python environment where ctypes is not available. The dependency on ctypes in IPython.utils._process_win32 prevents the vulnerable code from ever being reached (making it effectively dead code). However, as a library that could be used by another tool, set_term_title could introduce a vulnerability for dependencies. Currently set_term_title is only called with (semi-)trusted input that contain the current working directory of the current IPython session. If an attacker can control directory names, and manage to get a user to cd into this directory, then the attacker can execute arbitrary commands contained in the folder names.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "ecosystem_specific": {
        "affected_functions": [
          "IPython.utils.terminal.set_term_title"
        ]
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "IPython"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-24816"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-10T19:55:53Z",
    "nvd_published_at": "2023-02-10T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IPython provides an interactive Python shell and Jupyter kernel to use Python interactively. Versions prior to 8.10.0 are vulnerable to command injection in the `set_term_title` [function](https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.py#L103-L117) under specific conditions. This has been patched in version 8.10.0.\n\n### Impact \nUsers are only vulnerable when calling this function in Windows in a Python environment where [ctypes](https://docs.python.org/3/library/ctypes.html) is not available. The dependency on ctypes in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached (making it effectively dead code). However, as a library that could be used by another tool, `set_term_title` could introduce a vulnerability for dependencies. Currently `set_term_title` is only called with (semi-)trusted input that contain the current working directory of the current IPython session. If an attacker can control directory names, and manage to get a user to `cd` into this directory, then the attacker can execute arbitrary commands contained in the folder names.",
  "id": "GHSA-29gw-9793-fvw7",
  "modified": "2023-02-10T22:08:04Z",
  "published": "2023-02-10T19:55:53Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24816"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ipython/ipython/commit/385d69325319a5972ee9b5983638e3617f21cb1f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ipython/ipython/commit/991849c247fc208628879e7ca2923b3c218a5a75"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Carreau/ipython/blob/7557ade0ed927475d5ab5b573d0ea4febfb22683/docs/source/whatsnew/version8.rst#ipython-810"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ipython/ipython"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.py#L103-L117"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ipython/ipython/blob/56e6925dfa50e2c7f4a6471547b8176275db7c25/IPython/utils/_process_win32.py#L20"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "IPython vulnerable to command injection via set_term_title"
}

gsd-2023-24816

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool `set_term_title` could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the `IPython.utils.terminal.set_term_title` function are done with trusted or filtered input.

Aliases

CVE-2023-24816

Aliases

CVE-2023-24816

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-24816",
    "id": "GSD-2023-24816",
    "references": [
      "https://www.suse.com/security/cve/CVE-2023-24816.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-24816"
      ],
      "details": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool `set_term_title` could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the `IPython.utils.terminal.set_term_title` function are done with trusted or filtered input.",
      "id": "GSD-2023-24816",
      "modified": "2023-12-13T01:20:58.166783Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-24816",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ipython",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 8.10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "ipython"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool `set_term_title` could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the `IPython.utils.terminal.set_term_title` function are done with trusted or filtered input."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-20",
                "lang": "eng",
                "value": "CWE-20: Improper Input Validation"
              }
            ]
          },
          {
            "description": [
              {
                "cweId": "CWE-78",
                "lang": "eng",
                "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7",
            "refsource": "MISC",
            "url": "https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7"
          },
          {
            "name": "https://github.com/ipython/ipython/commit/385d69325319a5972ee9b5983638e3617f21cb1f",
            "refsource": "MISC",
            "url": "https://github.com/ipython/ipython/commit/385d69325319a5972ee9b5983638e3617f21cb1f"
          },
          {
            "name": "https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.py#L103-L117",
            "refsource": "MISC",
            "url": "https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.py#L103-L117"
          },
          {
            "name": "https://github.com/ipython/ipython/blob/56e6925dfa50e2c7f4a6471547b8176275db7c25/IPython/utils/_process_win32.py#L20",
            "refsource": "MISC",
            "url": "https://github.com/ipython/ipython/blob/56e6925dfa50e2c7f4a6471547b8176275db7c25/IPython/utils/_process_win32.py#L20"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-29gw-9793-fvw7",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c8.10.0",
          "affected_versions": "All versions before 8.10.0",
          "cvss_v3": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2023-02-23",
          "description": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool `set_term_title` could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the `IPython.utils.terminal.set_term_title` function are done with trusted or filtered input.",
          "fixed_versions": [
            "8.10.0"
          ],
          "identifier": "CVE-2023-24816",
          "identifiers": [
            "CVE-2023-24816",
            "GHSA-29gw-9793-fvw7"
          ],
          "not_impacted": "All versions starting from 8.10.0",
          "package_slug": "pypi/ipython",
          "pubdate": "2023-02-10",
          "solution": "Upgrade to version 8.10.0 or above.",
          "title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "urls": [
            "https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7",
            "https://github.com/ipython/ipython/commit/385d69325319a5972ee9b5983638e3617f21cb1f",
            "https://github.com/ipython/ipython/commit/991849c247fc208628879e7ca2923b3c218a5a75",
            "https://github.com/Carreau/ipython/blob/7557ade0ed927475d5ab5b573d0ea4febfb22683/docs/source/whatsnew/version8.rst#ipython-810",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-24816",
            "https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.py#L103-L117",
            "https://github.com/ipython/ipython/blob/56e6925dfa50e2c7f4a6471547b8176275db7c25/IPython/utils/_process_win32.py#L20",
            "https://github.com/advisories/GHSA-29gw-9793-fvw7"
          ],
          "uuid": "009434d6-0a28-4d4e-9aa7-a1992d8ac288"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.10.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2023-24816"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool `set_term_title` could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the `IPython.utils.terminal.set_term_title` function are done with trusted or filtered input."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.py#L103-L117",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.py#L103-L117"
            },
            {
              "name": "https://github.com/ipython/ipython/commit/385d69325319a5972ee9b5983638e3617f21cb1f",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/ipython/ipython/commit/385d69325319a5972ee9b5983638e3617f21cb1f"
            },
            {
              "name": "https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7"
            },
            {
              "name": "https://github.com/ipython/ipython/blob/56e6925dfa50e2c7f4a6471547b8176275db7c25/IPython/utils/_process_win32.py#L20",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://github.com/ipython/ipython/blob/56e6925dfa50e2c7f4a6471547b8176275db7c25/IPython/utils/_process_win32.py#L20"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-02-23T17:33Z",
      "publishedDate": "2023-02-10T20:15Z"
    }
  }
}

Action not permitted

cve-2023-24816

Vulnerability from cvelistv5

pysec-2023-17

Vulnerability from pysec

ghsa-29gw-9793-fvw7

Vulnerability from github

Impact

gsd-2023-24816

Vulnerability from gsd

Tags