oss-sec mailing list archives

Re: CVE Request : CSRF in IPython/Jupyter notebook Tree.


From: cve-assign () mitre org
Date: Mon, 14 Sep 2015 15:32:25 -0400 (EDT)

Type of vulnerability: XSS
[ changed from "Type of vulnerability: CSRF" based on later mailing-list discussion ]

  3.x:   https://github.com/ipython/ipython/commit/3ab41641cf6fce3860c73d5cf4645aa12e1e5892
  4.0.x: https://github.com/jupyter/notebook/commit/dd9876381f0ef09873d8c5f6f2063269172331e3
  4.x:   https://github.com/jupyter/notebook/commit/35f32dd2da804d108a3a3585b69ec3295b2677ed

Affected versions: 0.12 <= version <= 4.0

(Note: the software changed name between 3.x and 4.0)

Local folder name was used in HTML templates without escaping

Use CVE-2015-6938.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
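An added illustration of the bug class named in the message above (a local folder name placed in an HTML template without escaping); it is not code from IPython/Jupyter or from the linked commits. The function names, the /tree/ link layout and the sample folder name are assumptions constructed for the example.

```python
import html
from urllib.parse import quote

# Constructed sample: a path whose middle component is a folder name
# containing markup, as could exist on a local filesystem.
SAMPLE_PATH = "work/<img src=x onerror=alert(1)>/data"


def breadcrumbs_unescaped(path):
    """'Before' form: each folder name is pasted into the markup as-is."""
    crumbs, parts = [], []
    for name in path.split("/"):
        parts.append(name)
        crumbs.append('<li><a href="/tree/%s">%s</a></li>'
                      % ("/".join(parts), name))
    return '<ul class="breadcrumb">%s</ul>' % "".join(crumbs)


def breadcrumbs_escaped(path):
    """Hardened form: escape each folder name for the context it lands in.

    Link target: percent-encode the path segment, then HTML-escape the
    attribute value. Visible text: HTML-escape only.
    """
    crumbs, parts = [], []
    for name in path.split("/"):
        parts.append(quote(name, safe=""))
        href = html.escape("/tree/" + "/".join(parts), quote=True)
        text = html.escape(name, quote=True)
        crumbs.append('<li><a href="%s">%s</a></li>' % (href, text))
    return '<ul class="breadcrumb">%s</ul>' % "".join(crumbs)


if __name__ == "__main__":
    print(breadcrumbs_unescaped(SAMPLE_PATH))  # folder name parsed as a tag
    print(breadcrumbs_escaped(SAMPLE_PATH))    # folder name shown as text
```

A template engine's autoescape setting does the same job as the explicit html.escape calls here; the point is that the folder name is untrusted input even though it comes from the local disk.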

