CVE-2014-3429

EUVD-2014-0022
IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
opensuseopensuse
13.1
opensuseopensuse
13.2
ipythonipython_notebook
0.12
ipythonipython_notebook
0.12.1
ipythonipython_notebook
0.13
ipythonipython_notebook
0.13.1
ipythonipython_notebook
0.13.2
ipythonipython_notebook
1.0.0
ipythonipython_notebook
1.1.0
mageiamageia
3.0
mageiamageia
4.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ipython
bookworm
8.5.0-4
fixed
bullseye
7.20.0-1+deb11u1
fixed
bullseye (security)
7.20.0-1+deb11u1
fixed
sid
8.20.0-1
fixed
squeeze
not-affected
trixie
8.20.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ipython
lucid
not-affected
precise
Fixed 0.12.1+dfsg-0ubuntu1.1
released
trusty
not-affected
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0320.html
http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython
http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html
http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198
http://seclists.org/oss-sec/2014/q3/152
http://www.mandriva.com/security/advisories?name=MDVSA-2015:160
https://bugzilla.redhat.com/show_bug.cgi?id=1119890
https://exchange.xforce.ibmcloud.com/vulnerabilities/94497
https://github.com/ipython/ipython/pull/4845
http://advisories.mageia.org/MGASA-2014-0320.html
http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython
http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html
http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198
http://seclists.org/oss-sec/2014/q3/152
http://www.mandriva.com/security/advisories?name=MDVSA-2015:160
https://bugzilla.redhat.com/show_bug.cgi?id=1119890
https://exchange.xforce.ibmcloud.com/vulnerabilities/94497
https://github.com/ipython/ipython/pull/4845