Vulnerability Description
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ipython | Ipython | <= 5.10.0 |
| Debian | Debian Linux | 9.0 |
| Fedoraproject | Fedora | 34 |
Related Weaknesses (CWE)
References
- https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede56PatchThird Party Advisory
- https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5xExploitThird Party Advisory
- https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cvRelease NotesThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/01/msg00021.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede56PatchThird Party Advisory
- https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5xExploitThird Party Advisory
- https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cvRelease NotesThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/01/msg00021.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2022-21699?
CVE-2022-21699 is a vulnerability with a CVSS score of 8.2 (HIGH). IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to ...
How severe is CVE-2022-21699?
CVE-2022-21699 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-21699?
Check the references section above for vendor advisories and patch information. Affected products include: Ipython Ipython, Debian Debian Linux, Fedoraproject Fedora.