CVE-2014-3429
IPython Notebook vulnerable to improper validation of the origin of websocket requests
Severity: 9.8 CRITICAL (CVSS 3.1)
EPSS: 2.1%
Description
IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.
How to fix CVE-2014-3429
To remediate CVE-2014-3429, upgrade the affected package to one of the fixed versions listed below.
- Debian/ipython—upgrade to 1.2.0~rc1-1 or later
- —upgrade to 1.2.0 or later
- —upgrade to 1.2.0 or later
Is CVE-2014-3429 being exploited?
Low — EPSS is 2.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.2.0~rc1-1
- >= 0.12, < 1.2.0
- >= 0.12, < 1.2.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U |
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |