CVE-2014-3429
Published: 7 August 2014
IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.
Notes
Author | Note |
---|---|
jdstrand | Ubuntu 10.04 LTS not affected per bug reporter |
Priority
Status
Package | Release | Status |
---|---|---|
ipython Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
precise |
Released
(0.12.1+dfsg-0ubuntu1.1)
|
|
trusty |
Not vulnerable
(1.2.1-2)
|
|
upstream |
Released
(1.2.0~rc1-1)
|
|
Patches: upstream: https://github.com/ipython/ipython/pull/4845 debdiff: https://bugs.launchpad.net/ubuntu/+source/ipython/+bug/1344854 |