Lucene search

GitHub_MCVE-2022-21699

HistoryJan 19, 2022 - 10:15 p.m.

CVE-2022-21699

2022-01-1922:15:09

CWE-269

CWE-250

CWE-279

GitHub_M

web.nvd.nist.gov

121

ipython

interactive python

command shell

arbitrary code execution

vulnerability

cross user temporary files

upgrade

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

29.4%

JSON

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.

Affected configurations

Nvd

Vulners

Node

ipythonipythonRange≤5.10.0

ipythonipythonRange6.0.0–7.16.3

ipythonipythonRange7.17.0–7.31.1

ipythonipythonRange8.0.0–8.0.1

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

Node

fedoraprojectfedoraMatch34

fedoraprojectfedoraMatch35

VendorProductVersionCPE
ipythonipython*cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
fedoraprojectfedora34cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ipython	ipython	*	cpe:2.3:a:ipython:ipython::::::::
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
debian	debian_linux	11.0	cpe:2.3:o:debian:debian_linux:11.0:::::::*
fedoraproject	fedora	34	cpe:2.3:o:fedoraproject:fedora:34:::::::*
fedoraproject	fedora	35	cpe:2.3:o:fedoraproject:fedora:35:::::::*

CNA Affected

[
  {
    "product": "ipython",
    "vendor": "ipython",
    "versions": [
      {
        "status": "affected",
        "version": "< 5.11"
      },
      {
        "status": "affected",
        "version": ">= 6.0.0, < 7.16.3"
      },
      {
        "status": "affected",
        "version": ">= 7.17.0, < 7.31.1"
      },
      {
        "status": "affected",
        "version": ">= 8.0.0, < 8.0.1"
      }
    ]
  }
]