ipython is vulnerable to arbitrary code execution. The vulnerability exists because the library does not properly manage the cross-user temporary files, allowing an attacker to run code as another user by executing malicious untrusted files through the current working directory.
github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668
github.com/ipython/ipython/commit/5fa1e409d2dc126c456510c16ece18e08b524e5b
github.com/ipython/ipython/commit/67ca2b3aa9039438e6f80e3fccca556f26100b4d
github.com/ipython/ipython/commit/a06ca837273271b4acb82c29be97c0b6d12a30ea
github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
lists.debian.org/debian-lts-announce/2022/01/msg00021.html
lists.fedoraproject.org/archives/list/[email protected]/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/
lists.fedoraproject.org/archives/list/[email protected]/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/