Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2014-3429

Good to know:

icon

Date: August 7, 2014

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.

Language: Python

Severity Score

Related Resources (15)

https://github.com/mattvonrocketstein/ipython/commit/dd4135db9f42d196a46553310a8e63ff5658671d
http://seclists.org/oss-sec/2014/q3/152
https://github.com/pypa/advisory-database/tree/main/vulns/ipython/PYSEC-2014-21.yaml
https://bugzilla.redhat.com/show_bug.cgi?id=1119890
http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython
https://exchange.xforce.ibmcloud.com/vulnerabilities/94497
http://www.mandriva.com/security/advisories?name=MDVSA-2015:160
http://advisories.mageia.org/MGASA-2014-0320.html
http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198
https://nvd.nist.gov/vuln/detail/CVE-2014-3429
https://github.com/ipython/ipython/pull/4845
http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html
https://github.com/ipython/ipython
https://github.com/ipython/ipython/commit/e5b669ce4750d628dba383fd637dbde918ea15f5
https://www.mend.io/vulnerability-database/CVE-2014-3429

Severity Score

Weakness Type (CWE)

Code Injection

CWE-94

Top Fix

icon

Upgrade Version

Upgrade to version 1.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us