QwikSec

Security Database

CVE

CWE

Training

CVE-2015-6938

Published: Sep 21, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2015:1699

vendor-advisory

x_refsource_SUSE

https://github.com/ipython/ipython/commit/3ab41641cf6fce3860c73d5cf4645aa12e1e5892

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1259405

x_refsource_CONFIRM

[oss-security] 20150902 CVE Request : CSRF in IPython/Jupyter notebook Tree.

mailing-list

x_refsource_MLIST

[oss-security] 20150914 Re: CVE Request : CSRF in IPython/Jupyter notebook Tree.

mailing-list

x_refsource_MLIST

https://github.com/jupyter/notebook/commit/dd9876381f0ef09873d8c5f6f2063269172331e3

x_refsource_CONFIRM

FEDORA-2015-16128

vendor-advisory

x_refsource_FEDORA

https://github.com/jupyter/notebook/commit/35f32dd2da804d108a3a3585b69ec3295b2677ed

x_refsource_CONFIRM

FEDORA-2015-14901

vendor-advisory

x_refsource_FEDORA

FEDORA-2015-14902

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.