Search criteria
2 vulnerabilities found for ipython_notebook by ipython
CVE-2014-3429 (GCVE-0-2014-3429)
Vulnerability from nvd – Published: 2014-08-07 10:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2014:1060",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html"
},
{
"name": "ipython-cve20143429-code-exec(94497)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94497"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ipython/ipython/pull/4845"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0320.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython"
},
{
"name": "[oss-security] 20140715 IPython Notebook Cross 2014-3429",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/152"
},
{
"name": "[ipython-dev] 20140713 Vulnerability in IPython Notebook \u0026#8804; 1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198"
},
{
"name": "MDVSA-2015:160",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:160"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2014:1060",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html"
},
{
"name": "ipython-cve20143429-code-exec(94497)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94497"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ipython/ipython/pull/4845"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0320.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython"
},
{
"name": "[oss-security] 20140715 IPython Notebook Cross 2014-3429",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/152"
},
{
"name": "[ipython-dev] 20140713 Vulnerability in IPython Notebook \u0026#8804; 1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198"
},
{
"name": "MDVSA-2015:160",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:160"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:1060",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html"
},
{
"name": "ipython-cve20143429-code-exec(94497)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94497"
},
{
"name": "https://github.com/ipython/ipython/pull/4845",
"refsource": "CONFIRM",
"url": "https://github.com/ipython/ipython/pull/4845"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1119890",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119890"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0320.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0320.html"
},
{
"name": "http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython",
"refsource": "CONFIRM",
"url": "http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython"
},
{
"name": "[oss-security] 20140715 IPython Notebook Cross 2014-3429",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/152"
},
{
"name": "[ipython-dev] 20140713 Vulnerability in IPython Notebook \u0026#8804; 1.1",
"refsource": "MLIST",
"url": "http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198"
},
{
"name": "MDVSA-2015:160",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:160"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3429",
"datePublished": "2014-08-07T10:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3429 (GCVE-0-2014-3429)
Vulnerability from cvelistv5 – Published: 2014-08-07 10:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2014:1060",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html"
},
{
"name": "ipython-cve20143429-code-exec(94497)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94497"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ipython/ipython/pull/4845"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0320.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython"
},
{
"name": "[oss-security] 20140715 IPython Notebook Cross 2014-3429",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/152"
},
{
"name": "[ipython-dev] 20140713 Vulnerability in IPython Notebook \u0026#8804; 1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198"
},
{
"name": "MDVSA-2015:160",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:160"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2014:1060",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html"
},
{
"name": "ipython-cve20143429-code-exec(94497)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94497"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ipython/ipython/pull/4845"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0320.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython"
},
{
"name": "[oss-security] 20140715 IPython Notebook Cross 2014-3429",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/152"
},
{
"name": "[ipython-dev] 20140713 Vulnerability in IPython Notebook \u0026#8804; 1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198"
},
{
"name": "MDVSA-2015:160",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:160"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:1060",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html"
},
{
"name": "ipython-cve20143429-code-exec(94497)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94497"
},
{
"name": "https://github.com/ipython/ipython/pull/4845",
"refsource": "CONFIRM",
"url": "https://github.com/ipython/ipython/pull/4845"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1119890",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119890"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0320.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0320.html"
},
{
"name": "http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython",
"refsource": "CONFIRM",
"url": "http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython"
},
{
"name": "[oss-security] 20140715 IPython Notebook Cross 2014-3429",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/152"
},
{
"name": "[ipython-dev] 20140713 Vulnerability in IPython Notebook \u0026#8804; 1.1",
"refsource": "MLIST",
"url": "http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198"
},
{
"name": "MDVSA-2015:160",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:160"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3429",
"datePublished": "2014-08-07T10:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}