QwikSec

Security Database

CVE

CWE

Training

CVE-2022-21699

Published: Jan 19, 2022

Modified: Apr 22, 2025

PUBLISHED

CVSS v3.1

8.2

HIGH

Description

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.

Vendor	Product	Versions
ipython	ipython	affected `< 5.11` affected `>= 6.0.0, < 7.16.3` affected `>= 7.17.0, < 7.31.1` affected `>= 8.0.0, < 8.0.1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x

x_refsource_CONFIRM

https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668

x_refsource_MISC

https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699

x_refsource_MISC

[debian-lts-announce] 20220124 [SECURITY] [DLA 2896-1] ipython security update

mailing-list

x_refsource_MLIST

FEDORA-2022-b58d156ab0

vendor-advisory

x_refsource_FEDORA

FEDORA-2022-b9e38f8a56

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.