CVE-2022-21699

moderate-risk
Published 2022-01-19

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.

Do I need to act?

~
1.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.2/10 High
LOCAL / LOW complexity

Affected Products (6)

Ipython

Affected Vendors

Debian Fedoraproject Ipython

References (12)

Patch https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede56...
Exploit https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
Release Notes https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cv...
Mailing List https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Patch https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede56...
Exploit https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
Release Notes https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cv...
Mailing List https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
42
/ 100
moderate-risk
Severity 25/34 · High
Exploitability 4/34 · Minimal
Exposure 13/34 · Low