CVE-2015-7337

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
ipythonnotebook
𝑥
≤ 3.2.1
jupyternotebook
4.0.0
jupyternotebook
4.0.1
jupyternotebook
4.0.2
jupyternotebook
4.0.3
jupyternotebook
4.0.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ipython
bullseye (security)
7.20.0-1+deb11u1
fixed
bullseye
7.20.0-1+deb11u1
fixed
bookworm
8.5.0-4
fixed
sid
8.20.0-1
fixed
trixie
8.20.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ipython
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
not-affected
wily
ignored
vivid
ignored
trusty
not-affected
precise
ignored
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html
http://seclists.org/oss-sec/2015/q3/558
http://seclists.org/oss-sec/2015/q3/634
https://bugzilla.redhat.com/show_bug.cgi?id=1264067
https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967
https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5
https://security.gentoo.org/glsa/201512-02
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html
http://seclists.org/oss-sec/2015/q3/558
http://seclists.org/oss-sec/2015/q3/634
https://bugzilla.redhat.com/show_bug.cgi?id=1264067
https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967
https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5
https://security.gentoo.org/glsa/201512-02