CVE-2015-7337

Published: Sep 29, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.

Affected (6)

Products: Ipython: Notebook · Jupyter: Notebook

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ipython Notebook	Up to 3.2.1

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Jupyter Notebook	Version 4.0.0
Jupyter Notebook	Version 4.0.1
Jupyter Notebook	Version 4.0.2
Jupyter Notebook	Version 4.0.3
Jupyter Notebook	Version 4.0.4

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html

Source: cve@mitre.org

http://seclists.org/oss-sec/2015/q3/558

Source: cve@mitre.org

http://seclists.org/oss-sec/2015/q3/634

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=1264067

Source: cve@mitre.org

https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967

Source: cve@mitre.org

https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5

Source: cve@mitre.org

https://security.gentoo.org/glsa/201512-02

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html