Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-21699

Good to know:

icon
icon

Date: January 19, 2022

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.

Language: Python

Severity Score

Related Resources (15)

https://github.com/ipython/ipython/commit/5fa1e409d2dc126c456510c16ece18e08b524e5b
https://github.com/ipython/ipython/commit/67ca2b3aa9039438e6f80e3fccca556f26100b4d
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/
https://nvd.nist.gov/vuln/detail/CVE-2022-21699
https://github.com/pypa/advisory-database/tree/main/vulns/ipython/PYSEC-2022-12.yaml
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB
https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html
https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668
https://github.com/ipython/ipython/commit/a06ca837273271b4acb82c29be97c0b6d12a30ea
https://github.com/ipython/ipython
https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/
https://www.mend.io/vulnerability-database/CVE-2022-21699

Severity Score

Weakness Type (CWE)

Improper Privilege Management

CWE-269

Execution with Unnecessary Privileges

CWE-250

Incorrect Execution-Assigned Permissions

CWE-279

Top Fix

icon

Upgrade Version

Upgrade to version ipython - 5.11,7.16.3,7.31.1,8.0.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us