What is CVE-2015-7337?

CVE-2015-7337 is a vulnerability in Ipython Notebook, classified under Improper Input Validation. Published 2015-09-29.

Is CVE-2015-7337 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Ipython Notebook

CVE-2015-7337

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.008 (74.0th percentile) — read the EPSS interpretation.

Affected products

Ipython Notebook
Jupyter Notebook — versions 4.0.0, 4.0.1, 4.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

GLSA-201512-02 (vendor-advisory, x_refsource_GENTOO)
cve@mitre.org (x_refsource_CONFIRM)
[oss-security] 20150916 CVE Request: Maliciously crafted text files in IPython/Jupyter editor (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
FEDORA-2015-16128 (x_refsource_FEDORA, vendor-advisory)
[oss-security] 20150924 Re: CVE Request: Maliciously crafted text files in IPython/Jupyter editor (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2015-7337?: CVE-2015-7337 is a vulnerability in Ipython Notebook, classified under Improper Input Validation. Published 2015-09-29.
Is CVE-2015-7337 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.