Candidate: CVE-2015-4707
PublicDate: 2017-09-20 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4707
 http://www.openwall.com/lists/oss-security/2015/06/22/4
Description:
 Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows
 remote attackers to inject arbitrary web script or HTML via vectors
 involving JSON error messages and the /api/notebooks path.
Ubuntu-Description:
Notes:
 tyhicks> It isn't clear if iPython versions less than 2.0 are affected
 debian> Problematic code introduced in rel-2.0.0
Bugs:
Priority: low
Discovered-by: Ahmad Khan
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_ipython:
upstream_ipython: released (2.4.1-1)
precise_ipython: ignored (reached end-of-life)
precise/esm_ipython: DNE (precise was needs-triage)
trusty_ipython: ignored (out of standard support)
trusty/esm_ipython: needed
utopic_ipython: ignored (reached end-of-life)
vivid_ipython: ignored (reached end-of-life)
vivid/stable-phone-overlay_ipython: DNE
vivid/ubuntu-core_ipython: DNE
wily_ipython: ignored (reached end-of-life)
xenial_ipython: not-affected (2.4.1-1)
yakkety_ipython: ignored (reached end-of-life)
zesty_ipython: ignored (reached end-of-life)
artful_ipython: ignored (reached end-of-life)
bionic_ipython: not-affected (2.4.1-1)
cosmic_ipython: not-affected (2.4.1-1)
disco_ipython: not-affected (2.4.1-1)
eoan_ipython: not-affected (2.4.1-1)
focal_ipython: not-affected (2.4.1-1)
groovy_ipython: not-affected (2.4.1-1)
hirsute_ipython: not-affected (2.4.1-1)
impish_ipython: not-affected (2.4.1-1)
jammy_ipython: not-affected (2.4.1-1)
devel_ipython: not-affected (2.4.1-1)