CVE-2022-21699

CVE-2022-21699

Name

CVE-2022-21699

Description

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
CONFIRM	https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
MISC	https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668
MLIST	https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/

Type

URI

MISC

https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699

CONFIRM

https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x

MISC

https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668

MLIST

https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:ipython:ipython::::::::`	ipython	>= None	<= 5.10.0
`cpe:2.3:a:ipython:ipython::::::::`	ipython	>= 6.0.0	< 7.16.3
`cpe:2.3:a:ipython:ipython::::::::`	ipython	>= 7.17.0	< 7.31.1
`cpe:2.3:a:ipython:ipython::::::::`	ipython	>= 8.0.0	< 8.0.1

CPE URI

Source package

Min version

Max version

cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*

ipython

>= None

<= 5.10.0

cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*

ipython

>= 6.0.0

< 7.16.3

cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*

ipython

>= 7.17.0

< 7.31.1

cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*

ipython

>= 8.0.0

< 8.0.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
ipython	edge-community	7.31.1-r0	Kevin Daudt <kdaudt@alpinelinux.org>	fixed
ipython	3.22-community	7.31.1-r0	None	fixed
ipython	3.21-community	7.31.1-r0	None	fixed
ipython	3.20-community	7.31.1-r0	None	fixed
ipython	3.19-community	7.31.1-r0	None	fixed
ipython	3.18-community	7.31.1-r0	None	fixed
ipython	3.17-community	7.31.1-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

ipython

edge-community

7.31.1-r0

Kevin Daudt <kdaudt@alpinelinux.org>

fixed

ipython

3.22-community