CVE-2014-3429
Summary
| CVE | CVE-2014-3429 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-08-07 11:13:00 UTC |
| Updated | 2018-10-30 16:27:00 UTC |
| Description | IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page. |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ipython | Ipython Notebook | 0.12 | All | All | All |
| Application | Ipython | Ipython Notebook | 0.12.1 | All | All | All |
| Application | Ipython | Ipython Notebook | 0.13 | All | All | All |
| Application | Ipython | Ipython Notebook | 0.13.1 | All | All | All |
| Application | Ipython | Ipython Notebook | 0.13.2 | All | All | All |
| Application | Ipython | Ipython Notebook | 1.0.0 | All | All | All |
| Application | Ipython | Ipython Notebook | 1.1.0 | All | All | All |
| Operating System | Mageia | Mageia | 3.0 | All | All | All |
| Operating System | Mageia | Mageia | 4.0 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Mageia Advisory: MGASA-2014-0320 - Updated ipython package fixes security vulnerability | CONFIRM | advisories.mageia.org | Third Party Advisory |
| Support / Security / Advisories / / MDVSA-2015:160 \| Mandriva | MANDRIVA | www.mandriva.com | Broken Link |
| oss-sec: IPython Notebook Cross 2014-3429 | MLIST | seclists.org | Third Party Advisory, VDB Entry |
| Bug 1119890 – CVE-2014-3429 ipython: cross-domain websocket hijacking vulnerability | CONFIRM | bugzilla.redhat.com | Issue Tracking |
| openSUSE-SU-2014:1060-1: moderate: update for IPython | SUSE | lists.opensuse.org | Third Party Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Add Origin Checking. by rgbkrk · Pull Request #4845 · ipython/ipython · GitHub | CONFIRM | github.com | Issue Tracking, Patch |
| Vulnerability in IPython Notebook ≤ 1.1 | MLIST | permalink.gmane.org | Broken Link |
| One Weird Kernel Trick | CONFIRM | lambdaops.com | Press/Media Coverage, Technical Description |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.