PYSEC-2017-46
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/ipython/PYSEC-2017-46.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2017-46
- Aliases
- Published
- 2017-09-20T18:29:00Z
- Modified
- 2023-11-01T04:46:08.978410Z
- Summary
- [none]
- Details
-
Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
- References
-
- https://ipython.org/ipython-doc/3/whatsnew/version3.html
- https://github.com/ipython/ipython/commit/c2078a53543ed502efd968649fee1125e0eb549c
- https://github.com/ipython/ipython/commit/7222bd53ad089a65fd610fab4626f9d0ab47dfce
- https://bugzilla.redhat.com/show_bug.cgi?id=1235688
- http://www.openwall.com/lists/oss-security/2015/06/22/7
- http://www.securityfocus.com/bid/75328
- https://github.com/advisories/GHSA-66gw-5xpf-gfp5
Affected packages
PyPI / ipython
Package
- Name
- ipython
- View open source insights on deps.dev
- Purl
- pkg:pypi/ipython
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ipython/ipython
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.2.0
Affected versions
0.*
0.7.1.fix1
0.7.4.svn.r2010
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.6.10
0.6.11
0.6.12
0.6.13
0.6.14
0.6.15
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.9
0.9.1
0.10
0.10.1
0.10.2
0.11
0.12
0.12.1
0.13
0.13.1
0.13.2
1.*
1.0.0
1.1.0
1.2.0
1.2.1
2.*
2.0.0
2.1.0
2.2.0
2.3.0
2.3.1
2.4.0
2.4.1
3.*
3.0.0
3.1.0