[IPython-dev] Vulnerability in IPython Notebook ≤ 1.1

Kyle Kelley rgbkrk at gmail.com
Mon Jul 14 11:20:13 EDT 2014


Whoops!

Correction, CVE ID was truncated. It should read:

The CVE ID is CVE-2014-3429 (
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3429).



On Sun, Jul 13, 2014 at 3:56 PM, Kyle Kelley <rgbkrk at gmail.com> wrote:

> Everyone,
>
> On IPython ≤ 1.1, a remote site could have exploited a vulnerability in
> cross origin websocket handling to execute code on an IPython kernel, with
> knowledge of the kernel id (which requires user intervention).
>
> This vulnerability was patched in
> https://github.com/ipython/ipython/pull/4845 and reported to the CVE
> (Common Vulnerabilities and Exposures) database.
>
> Summary given to the CVE database: The origin of websocket requests was
> not verified within the IPython notebook server. If an attacker has
> knowledge of an IPython kernel id they can run arbitrary code on a user's
> machine when the client visits a crafted malicious page.
>
> The CVE ID is CVE-2014-342 (
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-342).
>
> If you were at SciPy and watched the final round of lightning talks, you
> already know about this vulnerability (as much as you can within a 5-minute
> talk, that is).
>
> I wrote a more detailed explanation at
> http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython
>
> Feel free to ask us (the IPython team) any questions!
>
> Regards,
>
> Kyle Kelley
>
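
An added example, not part of the original message or of the IPython patch: a standalone same-origin check of the kind the CVE summary says was missing from the notebook server's websocket handling. The function names, parameters, the policy of rejecting handshakes that carry no Origin header, and the sample headers are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _endpoint(url):
    """Return (scheme, host, port) for an http(s) URL, or None if malformed."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # also rejects the opaque origin "null"
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return parts.scheme, parts.hostname.lower(), port


def origin_allowed(headers, secure=False, allowed_origins=frozenset()):
    """Decide whether a websocket handshake may proceed.

    headers: request headers with lowercase keys (hypothetical input shape).
    secure: True when the server itself is reached over TLS.
    allowed_origins: exact Origin strings trusted in addition to the server's own.
    """
    origin = headers.get("origin")
    host = headers.get("host")
    if not origin or not host:
        # Assumed policy: browsers send Origin on websocket handshakes,
        # so a request without one is refused rather than trusted.
        return False
    if origin in allowed_origins:
        return True
    scheme = "https" if secure else "http"
    page = _endpoint(origin)
    # The page that opened the socket must be the server the socket targets.
    return page is not None and page == _endpoint(f"{scheme}://{host}")


if __name__ == "__main__":
    # Constructed handshake headers, not captured traffic.
    samples = [
        {"host": "localhost:8888", "origin": "http://localhost:8888"},
        {"host": "localhost:8888", "origin": "http://evil.example"},
        {"host": "localhost:8888", "origin": "http://localhost:8888.evil.example"},
    ]
    for h in samples:
        print(h["origin"], "->", "accept" if origin_allowed(h) else "reject")
```

The check runs before the handshake is upgraded, so a page served from another site is refused even if it knows a valid kernel id.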