CVE-2014-3429

NONE
Published Aug 7, 2014 11y ago
Last Modified Jun 17, 2026 2w ago

Description

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-94: Improper Control of Generation of Code ('Code Injection')

Affected Products 11

Vendor     Product            Version   Range
opensuse   opensuse           13.1      any
opensuse   opensuse           13.2      any
ipython    ipython_notebook   0.12      any
ipython    ipython_notebook   0.12.1    any
ipython    ipython_notebook   0.13      any
ipython    ipython_notebook   0.13.1    any
ipython    ipython_notebook   0.13.2    any
ipython    ipython_notebook   1.0.0     any
ipython    ipython_notebook   1.1.0     any
mageia     mageia             3.0       any
mageia     mageia             4.0       any

References 9

  • advisories.mageia.org http://advisories.mageia.org/MGASA-2014-0320.html
    Third Party Advisory
  • lambdaops.com http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython
    Press/Media Coverage, Technical Description
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html
    Third Party Advisory
  • permalink.gmane.org http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198
    Broken Link
  • seclists.org http://seclists.org/oss-sec/2014/q3/152
    Third Party Advisory, VDB Entry
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:160
    Broken Link
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1119890
    Issue Tracking
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/94497
  • github.com https://github.com/ipython/ipython/pull/4845
    Issue Tracking, Patch

Remediation

  • github.com https://github.com/ipython/ipython/pull/4845
    Issue Tracking, Patch