Cross-Site Scripting Flaw in IPython and Jupyter Notebook from IPython Project
CVE-2015-6938

Currently unrated

Key Information:

Vendor

Jupyter

Status
Notebook
Vendor
CVE Published:
21 September 2015

What is CVE-2015-6938?

A cross-site scripting vulnerability exists in the file browser component of IPython Notebook prior to version 3.2.2 and Jupyter Notebook prior to version 4.0.5. This flaw allows attackers to introduce arbitrary web scripts or HTML through manipulative folder names. Although it was initially reported as a potential cross-site request forgery (CSRF) issue, further analysis suggests it primarily represents an XSS risk. Users are advised to update to the latest versions to mitigate exposure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.opensuse.org/opensuse-updates/2015-10/msg000...
vendor-advisoryx_refsource_SUSE
https://github.com/ipython/ipython/commit/3ab41641cf6fce3...
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1259405
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.