VDB
GCVE-110-MAGEIA-2015-300
GCVE-110-MAGEIA-2015-300
Advisory Published
JSON error responses from the IPython notebook REST API contained
URL parameters and were incorrectly reported as text/html instead of
application/json. The error messages included some of these URL params,
resulting in a cross site scripting attack (CVE-2015-4707).
POST requests exposed via the IPython REST API are vulnerable to
cross-site request forgery (CSRF). Web pages on different domains can make
non-AJAX POST requests to known IPython URLs, and IPython will honor them.
The user's browser will automatically send IPython cookies along with the
requests. The response is blocked by the Same-Origin Policy, but the
request isn't (CVE-2015-5607).
The Mageia 5 package has been patched to fix these issues. The Mageia 4
package wasn't vulnerable to CVE-2015-4707, but it has been updated and
patched to fix CVE-2015-5607.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | ipython | 0 (affected), 2.3.0-1.mga4 (unaffected) | — |
| Mageia | ipython | 0 (affected), 2.3.0-2.2.mga5 (unaffected) | — |
Aliases
Browse GCVE Records
73,393 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.