IPython Notebook 0.12 up to and including 1.x prior to 1.2 does not validate the origin of websocket requests, which allows remote malicious users to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse opensuse 13.2 |
||
opensuse opensuse 13.1 |
||
ipython ipython notebook 1.1.0 |
||
ipython ipython notebook 0.12 |
||
ipython ipython notebook 0.12.1 |
||
ipython ipython notebook 0.13 |
||
ipython ipython notebook 0.13.1 |
||
ipython ipython notebook 0.13.2 |
||
ipython ipython notebook 1.0.0 |
||
mageia mageia 4.0 |
||
mageia mageia 3.0 |