IPython (Interactive Python) is a command shell. Cross-site request forgery in the REST API is possible in in IPython 2 and 3. Versions 2.4.1 and 3.2.3 contain patches.
| Score | Percentile |
|---|---|
| 0.26% | 48.73% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 8.8 | 3.0 | — |
|
| 8.6 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-7fc2-rm35-2pp7 ↗ |
| CVE | CVE-2015-5607 ↗ |
| CWE id | Name |
|---|---|
| CWE-352 | Cross-Site Request Forgery (CSRF) |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| pip | ipython | >= 0.12, < 2.4.1 | 2.4.1 | — |
| pip | ipython | >= 3.0.0, < 3.2.3 | 3.2.3 | — |