{"id":"GHSA-7fc2-rm35-2pp7","summary":"IPython vulnerable to cross-site request forgery (CSRF)","details":"IPython (Interactive Python) is a command shell. Cross-site request forgery in the REST API is possible in IPython 2 and 3. Versions 2.4.1 and 3.2.3 contain patches.","aliases":["CVE-2015-5607","PYSEC-2017-47"],"modified":"2024-09-27T16:46:58.699618Z","published":"2022-05-17T00:35:13Z","database_specific":{"severity":"HIGH","nvd_published_at":"2017-09-20T16:29:00Z","cwe_ids":["CWE-352"],"github_reviewed_at":"2022-06-03T15:42:47Z","github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5607"},{"type":"WEB","url":"https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816"},{"type":"WEB","url":"https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243842"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-7fc2-rm35-2pp7"},{"type":"PACKAGE","url":"https://github.com/ipython/ipython"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/ipython/PYSEC-2017-47.yaml"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2015/07/21/3"}],"affected":[{"package":{"name":"ipython","ecosystem":"PyPI","purl":"pkg:pypi/ipython"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.12"},{"fixed":"2.4.1"}]}],"versions":["0.12","0.12.1","0.13","0.13.1","0.13.2","1.0.0","1.1.0","1.2.0","1.2.1","2.0.0","2.1.0","2.2.0","2.3.0","2.3.1","2.4.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7fc2-rm35-2pp7/GHSA-7fc2-rm35-2pp7.json"}},{"package":{"name":"ipython","ecosystem":"PyPI","p
url":"pkg:pypi/ipython"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.0.0"},{"fixed":"3.2.3"}]}],"versions":["3.0.0","3.1.0","3.2.0","3.2.1","3.2.2"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7fc2-rm35-2pp7/GHSA-7fc2-rm35-2pp7.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}