CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24816 – set_term_title command injection in ipython
https://notcve.org/view.php?id=CVE-2023-24816
10 Feb 2023 — IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vu... • https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.py#L103-L117 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1CVE-2022-21699 – Execution with Unnecessary Privileges in ipython
https://notcve.org/view.php?id=CVE-2022-21699
19 Jan 2022 — IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade. IPython (Interactive Python) es un shell de comandos para la computación interactiva en múltipl... • https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management CWE-279: Incorrect Execution-Assigned Permissions •