{"id":"PYSEC-2017-46","details":"Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.","aliases":["CVE-2015-4707","GHSA-66gw-5xpf-gfp5"],"modified":"2023-11-01T04:46:08.978410Z","published":"2017-09-20T18:29:00Z","references":[{"type":"WEB","url":"https://ipython.org/ipython-doc/3/whatsnew/version3.html"},{"type":"FIX","url":"https://github.com/ipython/ipython/commit/c2078a53543ed502efd968649fee1125e0eb549c"},{"type":"FIX","url":"https://github.com/ipython/ipython/commit/7222bd53ad089a65fd610fab4626f9d0ab47dfce"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1235688"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2015/06/22/7"},{"type":"WEB","url":"http://www.securityfocus.com/bid/75328"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-66gw-5xpf-gfp5"}],"affected":[{"package":{"name":"ipython","ecosystem":"PyPI","purl":"pkg:pypi/ipython"},"ranges":[{"type":"GIT","repo":"https://github.com/ipython/ipython","events":[{"introduced":"0"},{"fixed":"c2078a53543ed502efd968649fee1125e0eb549c"},{"fixed":"7222bd53ad089a65fd610fab4626f9d0ab47dfce"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.0"}]}],"versions":["0.10","0.10.1","0.10.2","0.11","0.12","0.12.1","0.13","0.13.1","0.13.2","0.6.10","0.6.11","0.6.12","0.6.13","0.6.14","0.6.15","0.6.4","0.6.5","0.6.6","0.6.7","0.6.8","0.6.9","0.7.0","0.7.1","0.7.1.fix1","0.7.2","0.7.3","0.7.4.svn.r2010","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4","0.9","0.9.1","1.0.0","1.1.0","1.2.0","1.2.1","2.0.0","2.1.0","2.2.0","2.3.0","2.3.1","2.4.0","2.4.1","3.0.0","3.1.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/ipython/PYSEC-2017-46.yaml"}}],"schema_version":"1.7.3"}