CVE-2015-7337 - OpenCVE

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ipython	Notebook
Jupyter	Notebook

Configuration 1 [-]

cpe:2.3:a:ipython:notebook:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:jupyter:notebook:4.0.0:::::::*
	cpe:2.3:a:jupyter:notebook:4.0.1:::::::*
	cpe:2.3:a:jupyter:notebook:4.0.2:::::::*
	cpe:2.3:a:jupyter:notebook:4.0.3:::::::*
	cpe:2.3:a:jupyter:notebook:4.0.4:::::::*

No data.

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html
http://seclists.org/oss-sec/2015/q3/558
http://seclists.org/oss-sec/2015/q3/634
https://bugzilla.redhat.com/show_bug.cgi?id=1264067
https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967
https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5
https://security.gentoo.org/glsa/201512-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-09-29T19:00:00

Updated: 2024-08-06T07:43:46.272Z

Reserved: 2015-09-24T00:00:00

Link: CVE-2015-7337

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-09-29T19:59:07.997

Modified: 2016-12-07T18:23:54.617

Link: CVE-2015-7337

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-09-16T00:00:00", "descriptions": [{"lang": "en", "value": "The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201512-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201512-02"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264067"}, {"name": "[oss-security] 20150916 CVE Request: Maliciously crafted text files in IPython/Jupyter editor", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2015/q3/558"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5"}, {"name": "FEDORA-2015-16128", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html"}, {"name": "[oss-security] 20150924 Re: CVE Request: Maliciously crafted text files in IPython/Jupyter editor", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2015/q3/634"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7337", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201512-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201512-02"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1264067", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264067"}, {"name": "[oss-security] 20150916 CVE Request: Maliciously crafted text files in IPython/Jupyter editor", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2015/q3/558"}, {"name": "https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967", "refsource": "CONFIRM", "url": "https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967"}, {"name": "https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5", "refsource": "CONFIRM", "url": "https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5"}, {"name": "FEDORA-2015-16128", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html"}, {"name": "[oss-security] 20150924 Re: CVE Request: Maliciously crafted text files in IPython/Jupyter editor", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2015/q3/634"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:43:46.272Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201512-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201512-02"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264067"}, {"name": "[oss-security] 20150916 CVE Request: Maliciously crafted text files in IPython/Jupyter editor", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2015/q3/558"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5"}, {"name": "FEDORA-2015-16128", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html"}, {"name": "[oss-security] 20150924 Re: CVE Request: Maliciously crafted text files in IPython/Jupyter editor", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2015/q3/634"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7337", "datePublished": "2015-09-29T19:00:00", "dateReserved": "2015-09-24T00:00:00", "dateUpdated": "2024-08-06T07:43:46.272Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ipython:notebook:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD264874-41FF-4357-82DF-0BB77DD3E1C1", "versionEndIncluding": "3.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jupyter:notebook:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "320F3B3D-9D14-4CD2-87F7-FE9096E1B85A", "vulnerable": true}, {"criteria": "cpe:2.3:a:jupyter:notebook:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D41485D7-0A64-40CC-A784-3A2182CE830D", "vulnerable": true}, {"criteria": "cpe:2.3:a:jupyter:notebook:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "FF025212-0295-4746-8506-7F287DE65D11", "vulnerable": true}, {"criteria": "cpe:2.3:a:jupyter:notebook:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "16AA87BF-6CC1-48D3-AB8E-A73E8EFD1D1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:jupyter:notebook:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6ADC5C96-5B64-47C8-A5B2-879F9E9BE2DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types."}, {"lang": "es", "value": "Vulnerabilidad en el editor en IPython Notebook en versiones anteriores a 3.2.2 y Jupyter Notebook 4.0.x en versiones anteriores a 4.0.5, permite a atacantes remotos ejecutar c\u00f3digo JavaScript arbitrario a trav\u00e9s de un archivo manipulado, lo que desencadena una redireci\u00f3n a files/, relacionado con los tipos MIME."}], "id": "CVE-2015-7337", "lastModified": "2016-12-07T18:23:54.617", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-09-29T19:59:07.997", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2015/q3/558"}, {"source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2015/q3/634"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264067"}, {"source": "cve@mitre.org", "url": "https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967"}, {"source": "cve@mitre.org", "url": "https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201512-02"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}