CVE-2022-21699
HIGH
IPython < 5.10.0 - Arbitrary Code Execution via Cross-User Temporary File Mismanagement
Title source: llm
Description
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.
References (6)
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
Patch, Third Party Advisory x_refsource_misc
https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668
Release Notes, Third Party Advisory x_refsource_misc
https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/
Scores
CVSS v3
8.2
EPSS
0.0066
EPSS Percentile
46.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
CWE-250
CWE-279
Status
published
Products (7)
debian/debian_linux
9.0
debian/debian_linux
10.0
debian/debian_linux
11.0
fedoraproject/fedora
34
fedoraproject/fedora
35
ipython/ipython
< 5.10.0
pypi/ipython
0 - 5.11 PyPI
Published
Jan 19, 2022
Tracked Since
Feb 18, 2026