CVE-2022-21699

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-21699

Severity

8.2

High

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Summary

Execution with Unnecessary Privileges in ipython

Description

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-21699
https://github.com/advisories/GHSA-pq7m-3gw7-gq5x
https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21699.json
https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668
https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2022-21699

Severity

Summary

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company