CVE-2022-21699
ipython - security update
CVSS 3.1: 8.2 (HIGH)
EPSS: 1.1%
Description
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability caused by improper management of cross-user temporary files. This vulnerability allows one user to run code as another user on the same machine. All users are advised to upgrade.
How to fix CVE-2022-21699
To remediate CVE-2022-21699, upgrade the affected package to a fixed version below.
- Upgrade to 7.20.0-1+deb11u1 or later
- Upgrade to 5.1.0-3+deb9u1 or later
- Upgrade to 5.8.0-1+deb10u1 or later
- Upgrade to 5.11 or later
- Upgrade to 46a51ed69cdf41b4333943d9ceeb945c4ede5668 or later
Is CVE-2022-21699 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- from 0, < 7.20.0-1+deb11u1
- from 0, < 5.1.0-3+deb9u1
- from 0, < 5.8.0-1+deb10u1
- from 0, < 5.11
- from 0, < 46a51ed69cdf41b4333943d9ceeb945c4ede5668 | from 0, < 6.0.0rc1, >= 6.0.0, < 7.16.3, >= 7.17.0, < 7.31.1, >= 8.0.0, < 8.0.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P |
| osv | CVSS 3.1 | HIGH 8.2 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |