CVE-2022-21699

Published Jan 19, 2022

Last updated a year ago

Overview

Description: IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.
Source: security-advisories@github.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 6
Exploitability score: 2
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

security-advisories@github.com: CWE-250
nvd@nist.gov: CWE-269

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20A91357-8D8B-45C5-820C-369BB5EA502F",
            "versionEndIncluding": "5.10.0"
          },
          {
            "criteria": "cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD1676DE-BE33-4992-9A42-1293B5D4A667",
            "versionEndExcluding": "7.16.3",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91125C7A-AEB7-4B1C-AB63-0F3374CF1735",
            "versionEndExcluding": "7.31.1",
            "versionStartIncluding": "7.17.0"
          },
          {
            "criteria": "cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FB4B7D2-9DFF-4454-BD7C-5686546CC209",
            "versionEndExcluding": "8.0.1",
            "versionStartIncluding": "8.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References