{"api_version":"1","generated_at":"2026-05-13T08:50:27+00:00","cve":"CVE-2022-21699","urls":{"html":"https://cve.report/CVE-2022-21699","api":"https://cve.report/api/cve/CVE-2022-21699.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-21699","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-21699"},"summary":{"title":"CVE-2022-21699","description":"IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2022-01-19 22:15:00","updated_at":"2023-11-07 03:43:00"},"problem_types":["CWE-250","CWE-279"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/","name":"FEDORA-2022-b58d156ab0","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: ipython-7.26.0-3.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/","name":"FEDORA-2022-b9e38f8a56","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: ipython-7.20.0-2.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html","name":"[debian-lts-announce] 20220124 [SECURITY] [DLA 2896-1] ipython security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2896-1] ipython security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x","name":"https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x","refsource":"CONFIRM","tags":[],"title":"Execution with Unnecessary Privileges in ipython · Advisory · ipython/ipython · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/","name":"FEDORA-2022-b58d156ab0","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: ipython-7.26.0-3.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699","name":"https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699","refsource":"MISC","tags":[],"title":"8.x Series — IPython 8.0.0 documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/","name":"FEDORA-2022-b9e38f8a56","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: ipython-7.20.0-2.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668","name":"https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668","refsource":"MISC","tags":[],"title":"Merge pull request from GHSA-pq7m-3gw7-gq5x · ipython/ipython@46a51ed · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-21699","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21699","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"21699","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"21699","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"21699","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"21699","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"21699","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"21699","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ipython","cpe5":"ipython","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"21699","vulnerable":"1","versionEndIncluding":"5.10.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ipython","cpe5":"ipython","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-21699","qid":"179028","title":"Debian Security Update for ipython (DLA 2896-1)"},{"cve":"CVE-2022-21699","qid":"179046","title":"Debian Security Update for ipython (DSA 5065-1)"},{"cve":"CVE-2022-21699","qid":"184542","title":"Debian Security Update for ipython (CVE-2022-21699)"},{"cve":"CVE-2022-21699","qid":"199529","title":"Ubuntu Security Notification for IPython Vulnerabilities (USN-5953-1)"},{"cve":"CVE-2022-21699","qid":"282374","title":"Fedora Security Update for ipython (FEDORA-2022-b9e38f8a56)"},{"cve":"CVE-2022-21699","qid":"282375","title":"Fedora Security Update for ipython (FEDORA-2022-b58d156ab0)"},{"cve":"CVE-2022-21699","qid":"502308","title":"Alpine Linux Security Update for ipython"},{"cve":"CVE-2022-21699","qid":"690983","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for ipython (35d1e192-628e-11ed-8c5e-641c67a117d8)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security-advisories@github.com","ID":"CVE-2022-21699","STATE":"PUBLIC","TITLE":"Execution with Unnecessary Privileges in ipython"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"ipython","version":{"version_data":[{"version_value":"< 5.11"},{"version_value":">= 6.0.0, < 7.16.3"},{"version_value":">= 7.17.0, < 7.31.1"},{"version_value":">= 8.0.0, < 8.0.1"}]}}]},"vendor_name":"ipython"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-250: Execution with Unnecessary Privileges"}]},{"description":[{"lang":"eng","value":"CWE-279: Incorrect Execution-Assigned Permissions"}]}]},"references":{"reference_data":[{"name":"https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x","refsource":"CONFIRM","url":"https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x"},{"name":"https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668","refsource":"MISC","url":"https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668"},{"name":"https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699","refsource":"MISC","url":"https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699"},{"refsource":"MLIST","name":"[debian-lts-announce] 20220124 [SECURITY] [DLA 2896-1] ipython security update","url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html"},{"refsource":"FEDORA","name":"FEDORA-2022-b58d156ab0","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/"},{"refsource":"FEDORA","name":"FEDORA-2022-b9e38f8a56","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/"}]},"source":{"advisory":"GHSA-pq7m-3gw7-gq5x","discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2022-01-19 22:15:00","lastModifiedDate":"2023-11-07 03:43:00","problem_types":["CWE-250","CWE-279"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2,"impactScore":6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*","versionEndIncluding":"5.10.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*","versionStartIncluding":"7.17.0","versionEndExcluding":"7.31.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"7.16.3","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"21699","Ordinal":"221449","Title":"CVE-2022-21699","CVE":"CVE-2022-21699","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"21699","Ordinal":"1","NoteData":"IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.","Type":"Description","Title":null},{"CveYear":"2022","CveId":"21699","Ordinal":"2","NoteData":"2022-01-19","Type":"Other","Title":"Published"},{"CveYear":"2022","CveId":"21699","Ordinal":"3","NoteData":"2022-02-11","Type":"Other","Title":"Modified"}]}}}