Stay alert! IPython code execution (23-7-2021)

Preface: IPython offers an enhanced read-eval-print loop (REPL) environment particularly well adapted to scientific computing. In other words, IPython is a powerful interface to the Python language.

Background: IPython provides a rich toolkit to help you make the most out of using Python, with:

  • Powerful Python shells (terminal and Qt-based).
  • A web-based notebook with the same core features but support for code, text, mathematical expressions, inline plots and other rich media.
  • Support for interactive data visualization and use of GUI toolkits.
  • Flexible, embeddable interpreters to load into your own projects.
  • Easy to use, high performance tools for parallel computing.

Vulnerability details: IPython could allow a remote attacker to execute arbitrary code on the system because of improper permission assignment. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code from the current working directory.

Remedy: No remedy available as of July 22, 2021.
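
The following is an added example, not part of the original advisory and not code from the IPython project. It is a generic hardening check: before starting IPython in a directory, it lists subdirectories and script files that are owned by another user or are group/world-writable. The function names, the suffix list and the choice of checks are assumptions made for this illustration.

```python
import os
import stat

# Assumption: script types worth checking (.ipy is IPython's script suffix).
SCRIPT_SUFFIXES = (".py", ".ipy")
LOOSE = stat.S_IWGRP | stat.S_IWOTH  # writable by group or by everyone


def _check(path, uid):
    """Return the reasons why `path` should not be trusted by user `uid`."""
    st = os.lstat(path)  # lstat: do not follow symbolic links
    if stat.S_ISLNK(st.st_mode):
        return ["symbolic link, target not checked"]
    reasons = []
    if st.st_uid != uid:
        reasons.append(f"owned by uid {st.st_uid}")
    if st.st_mode & LOOSE:
        mode = stat.S_IMODE(st.st_mode)
        reasons.append(f"group/world-writable (mode {mode:04o})")
    return reasons


def audit_workdir(root=".", uid=None):
    """Walk `root` and return (path, reason) pairs for the directory itself,
    every subdirectory, and every script file that fails the checks."""
    uid = os.getuid() if uid is None else uid
    findings = [(root, r) for r in _check(root, uid)]
    for dirpath, dirnames, filenames in os.walk(root):
        scripts = [f for f in filenames if f.endswith(SCRIPT_SUFFIXES)]
        for name in dirnames + scripts:
            full = os.path.join(dirpath, name)
            findings.extend((full, r) for r in _check(full, uid))
    return findings


if __name__ == "__main__":
    # Report on the directory the interpreter would be started from.
    for path, reason in audit_workdir(os.getcwd()):
        print(f"{path}: {reason}")
```

An empty result only means these ownership and permission checks passed; it does not indicate that the vulnerability itself is fixed.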
