CVE-2015-5607

Published: Sep 20, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery in the REST API in IPython 2 and 3.

Affected (15)

Products: Ipython: Ipython · Fedoraproject: Fedora

1 product

1 product

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Ipython Ipython	Version 2.0.0
Ipython Ipython	Version 2.1.0
Ipython Ipython	Version 2.2.0
Ipython Ipython	Version 2.3.0
Ipython Ipython	Version 2.3.1
Ipython Ipython	Version 2.4.0
Ipython Ipython	Version 2.4.1
Ipython Ipython	Version 3.0.0
Ipython Ipython	Version 3.1.0
Ipython Ipython	Version 3.2.0
Ipython Ipython	Version 3.2.1
Ipython Ipython	Version 3.2.2
Ipython Ipython	Version 3.2.3

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 21
Fedoraproject Fedora	Version 22

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (12)

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html

Source: cve@mitre.org

Issue TrackingThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html

Source: cve@mitre.org

Issue TrackingThird Party Advisory

http://www.openwall.com/lists/oss-security/2015/07/21/3

Source: cve@mitre.org

ExploitMailing ListPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1243842

Source: cve@mitre.org

Issue TrackingPatch

https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0

Source: cve@mitre.org

PatchThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

http://www.openwall.com/lists/oss-security/2015/07/21/3

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1243842

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.