// For flags

CVE-2014-3429

 

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.

IPython Notebook 0.12 hasta 1.x anterior a 1.2 no valida el origen de las solicitudes de Websockets, lo que permite a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento de conocimiento del kernel id y una página manipulada.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-05-07 CVE Reserved
  • 2014-08-07 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
13.1
Search vendor "Opensuse" for product "Opensuse" and version "13.1"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
13.2
Search vendor "Opensuse" for product "Opensuse" and version "13.2"
-
Affected
Ipython
Search vendor "Ipython"
Ipython Notebook
Search vendor "Ipython" for product "Ipython Notebook"
0.12
Search vendor "Ipython" for product "Ipython Notebook" and version "0.12"
-
Affected
Ipython
Search vendor "Ipython"
Ipython Notebook
Search vendor "Ipython" for product "Ipython Notebook"
0.12.1
Search vendor "Ipython" for product "Ipython Notebook" and version "0.12.1"
-
Affected
Ipython
Search vendor "Ipython"
Ipython Notebook
Search vendor "Ipython" for product "Ipython Notebook"
0.13
Search vendor "Ipython" for product "Ipython Notebook" and version "0.13"
-
Affected
Ipython
Search vendor "Ipython"
Ipython Notebook
Search vendor "Ipython" for product "Ipython Notebook"
0.13.1
Search vendor "Ipython" for product "Ipython Notebook" and version "0.13.1"
-
Affected
Ipython
Search vendor "Ipython"
Ipython Notebook
Search vendor "Ipython" for product "Ipython Notebook"
0.13.2
Search vendor "Ipython" for product "Ipython Notebook" and version "0.13.2"
-
Affected
Ipython
Search vendor "Ipython"
Ipython Notebook
Search vendor "Ipython" for product "Ipython Notebook"
1.0.0
Search vendor "Ipython" for product "Ipython Notebook" and version "1.0.0"
-
Affected
Ipython
Search vendor "Ipython"
Ipython Notebook
Search vendor "Ipython" for product "Ipython Notebook"
1.1.0
Search vendor "Ipython" for product "Ipython Notebook" and version "1.1.0"
-
Affected
Mageia
Search vendor "Mageia"
Mageia
Search vendor "Mageia" for product "Mageia"
3.0
Search vendor "Mageia" for product "Mageia" and version "3.0"
-
Affected
Mageia
Search vendor "Mageia"
Mageia
Search vendor "Mageia" for product "Mageia"
4.0
Search vendor "Mageia" for product "Mageia" and version "4.0"
-
Affected