Cross-Site Scripting Flaw in IPython and Jupyter Notebook from IPython Project
CVE-2015-6938

Currently unrated

Key Information:

Vendor: Jupyter

Status
Vendor
CVE Published: 21 September 2015

What is CVE-2015-6938?

A cross-site scripting (XSS) vulnerability exists in the file browser component of IPython Notebook prior to version 3.2.2 and Jupyter Notebook prior to version 4.0.5. The flaw allows attackers to inject arbitrary web script or HTML through crafted folder names. Although it was initially reported as a potential cross-site request forgery (CSRF) issue, further analysis suggests it primarily represents an XSS risk. Users are advised to update to the latest versions to mitigate exposure.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
