#VU38231 Cross-site request forgery in ipython and Fedora - CVE-2015-5607


| Updated: 2020-08-08

Vulnerability identifier: #VU38231

Vulnerability risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2015-5607

CWE-ID: CWE-352

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ipython
Other software / Other software solutions
Fedora
Operating systems & Components / Operating system

Vendor: ipython.org
Fedoraproject

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Cross-site request forgery in the REST API in IPython 2 and 3.

Mitigation
Install update from vendor's website.

Vulnerable software versions

ipython: 2.0.0, 2.1.0, 2.2.0, 2.3.0 - 2.3.1, 2.4.0 - 2.4.1, 3.0.0, 3.1.0, 3.2.0 - 3.2.3

Fedora: 2.0.0 - 22

External links
https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html
https://www.openwall.com/lists/oss-security/2015/07/21/3
https://bugzilla.redhat.com/show_bug.cgi?id=1243842
https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816
https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for ipython
Cross-site request forgery in ipython