{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37918?format=json","vulnerability_id":"VCID-t97s-sas4-dfab","summary":"Remote Code Execution using maliciously forged file\nA maliciously forged file opened for editing can execute javascript, specifically by being redirected to /files/ due to a failure to treat the file as plain text.","aliases":[{"alias":"GMS-2015-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9049?format=json","purl":"pkg:pypi/ipython@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8kr7-qef4-xfdf"},{"vulnerability":"VCID-nhny-9wrt-vfda"},{"vulnerability":"VCID-we9m-7bmq-gygn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ipython@3.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/201348?format=json","purl":"pkg:pypi/ipython@4.0.0-b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nhny-9wrt-vfda"},{"vulnerability":"VCID-we9m-7bmq-gygn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ipython@4.0.0-b1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10313?format=json","purl":"pkg:pypi/ipython@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1m6w-n7j5-fbe6"},{"vulnerability":"VCID-2n2r-fjmn-qfdw"},{"vulnerability":"VCID-5zeg-ehzk-h7h2"},{"vulnerability":"VCID-8kr7-qef4-xfdf"},{"vulnerability":"VCID-depy-wnds-buaq"},{"vulnerability":"VCID-nhny-9wrt-vfda"},{"vulnerability":"VCID-t97s-sas4-dfab"},{"vulnerability":"VCID-udjh-qnjk-c7cw"},{"vulnerability":"VCID-we9m-7bmq-gygn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ipython@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10314?format=json","purl":"pkg:pypi/ipython@3.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1m6w-n7j5-fbe6"},{"vulnerability":"VCID-2n2r-fjmn-qfdw"},{"vulnerability":"VCID-5zeg-ehzk-h7h2"},{"vulnerability":"VCID-8kr7-qef4-xfdf"},{"vulnerability":"VCID-depy-wnds-buaq"},{"vulnerability":"VCID-nhny-9wrt-vfda"},{"vulnerability":"VCID-t97s-sas4-dfab"},{"vulnerability":"VCID-udjh-qnjk-c7cw"},{"vulnerability":"VCID-we9m-7bmq-gygn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ipython@3.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10312?format=json","purl":"pkg:pypi/ipython@3.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1m6w-n7j5-fbe6"},{"vulnerability":"VCID-2n2r-fjmn-qfdw"},{"vulnerability":"VCID-8kr7-qef4-xfdf"},{"vulnerability":"VCID-nhny-9wrt-vfda"},{"vulnerability":"VCID-t97s-sas4-dfab"},{"vulnerability":"VCID-udjh-qnjk-c7cw"},{"vulnerability":"VCID-we9m-7bmq-gygn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ipython@3.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10311?format=json","purl":"pkg:pypi/ipython@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1m6w-n7j5-fbe6"},{"vulnerability":"VCID-2n2r-fjmn-qfdw"},{"vulnerability":"VCID-8kr7-qef4-xfdf"},{"vulnerability":"VCID-nhny-9wrt-vfda"},{"vulnerability":"VCID-t97s-sas4-dfab"},{"vulnerability":"VCID-udjh-qnjk-c7cw"},{"vulnerability":"VCID-we9m-7bmq-gygn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ipython@3.2.1"}],"references":[{"reference_url":"https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t97s-sas4-dfab"}