FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

devel/ipython -- remote execution

Affected packages
ipython < 3.2.0

Details

VuXML ID a4460ac7-192c-11e5-9c01-bcaec55be5e5
Discovery 2015-06-22
Entry 2015-06-22

Kyle Kelley reports:

Summary: JSON error responses from the IPython notebook REST API contained URL parameters and were incorrectly reported as text/html instead of application/json. The error messages included some of these URL params, resulting in a cross-site scripting attack. This affects users on Mozilla Firefox but not Chromium/Google Chrome.

API paths with issues:

References

CVE Name CVE-2015-4706
CVE Name CVE-2015-4707
URL http://seclists.org/oss-sec/2015/q2/779
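
The content-type problem described in the summary, as an added example that is not IPython's own code: a JSON error body that echoes a request value, labelled first as text/html and then as application/json, with a small audit check for the mislabelled form. The function names, the sample path and the `X-Content-Type-Options: nosniff` hardening are assumptions that do not come from the advisory.

```python
import json

# Added illustration; all names here are hypothetical, not IPython's own code.

def json_error(status, message, content_type):
    """Build (status, headers, body) for a JSON error response."""
    return status, {"Content-Type": content_type}, json.dumps({"message": message})

def vulnerable_error(path):
    # Behaviour the advisory describes: JSON body reported as text/html.
    # json.dumps leaves '<' and '>' untouched, so echoed markup survives as-is.
    return json_error(404, "No such entity: %s" % path, "text/html; charset=UTF-8")

def fixed_error(path):
    # Same body, labelled as JSON. nosniff is an extra hardening (assumption)
    # that tells browsers not to override the declared type.
    status, headers, body = json_error(
        404, "No such entity: %s" % path, "application/json; charset=UTF-8")
    headers["X-Content-Type-Options"] = "nosniff"
    return status, headers, body

def audit(headers, body):
    """Return findings for a response whose body parses as JSON."""
    try:
        json.loads(body)
    except ValueError:
        return []  # not a JSON body, out of scope for this check
    findings = []
    media_type = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if media_type != "application/json":
        findings.append("JSON body served as %r" % media_type)
    if headers.get("X-Content-Type-Options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    return findings

if __name__ == "__main__":
    sample_path = "<i>constructed</i>"  # constructed request value with markup
    for build in (vulnerable_error, fixed_error):
        status, headers, body = build(sample_path)
        print(build.__name__, status, headers["Content-Type"])
        print("  body:", body)
        print("  findings:", audit(headers, body) or "none")
```

The same `audit` function can be run over captured API responses in a regression test to confirm that every JSON error path declares `application/json`.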