Skip to main content

Notebook CVE-2015-7337

MEDIUM
Improper Input Validation (CWE-20)
2015-09-29 cve@mitre.org
6.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Sep 29, 2015 - 19:59 cve.org
MEDIUM 6.8

DescriptionCVE.org

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.

AnalysisAI

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified under CWE-20. The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types. Affected products include: Ipython Notebook, Jupyter Notebook. Version information: before 3.2.2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-32798 CRITICAL POC
9.6 Aug 09

The Jupyter notebook is a web-based notebook environment for interactive computing. Rated critical severity (CVSS 9.6),

CVE-2019-10856 MEDIUM POC
6.1 Apr 04

In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. Rated medium severity (CVSS 6.1), this

CVE-2015-6938 MEDIUM POC
4.3 Sep 21

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2

CVE-2018-8768 HIGH
7.8 Mar 18

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in th

CVE-2022-24758 HIGH
7.5 Mar 31

The Jupyter notebook is a web-based notebook environment for interactive computing. Rated high severity (CVSS 7.5), this

CVE-2024-22421 MEDIUM
6.5 Jan 19

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Ar

CVE-2024-43805 MEDIUM
6.1 Aug 28

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Archit

CVE-2024-22420 MEDIUM
6.1 Jan 19

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Ar

CVE-2020-26215 MEDIUM
6.1 Nov 18

Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnera

CVE-2019-10255 MEDIUM
6.1 Mar 28

An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in

CVE-2018-19352 MEDIUM
6.1 Nov 18

Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js ha

CVE-2018-19351 MEDIUM
6.1 Nov 18

Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have th

Share

CVE-2015-7337 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy