High severityNVD Advisory· Published Jan 19, 2022· Updated Apr 22, 2025
Execution with Unnecessary Privileges in ipython
CVE-2022-21699
Description
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ipythonPyPI | < 5.11 | 5.11 |
ipythonPyPI | >= 6.0.0, < 7.16.3 | 7.16.3 |
ipythonPyPI | >= 7.17.0, < 7.31.1 | 7.31.1 |
ipythonPyPI | >= 8.0.0, < 8.0.1 | 8.0.1 |
Affected products
9- osv-coords8 versionspkg:apk/chainguard/kubeflow-pipelines-visualization-serverpkg:apk/wolfi/kubeflow-pipelines-visualization-serverpkg:pypi/ipythonpkg:rpm/opensuse/python-ipython&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/python-ipython&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-ipython-test&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/python-ipython&distro=SUSE%20Package%20Hub%2015%20SP3pkg:rpm/suse/python-ipython-test&distro=SUSE%20Package%20Hub%2015%20SP3
< 2.4.0-r0+ 7 more
- (no CPE)range: < 2.4.0-r0
- (no CPE)range: < 2.4.0-r0
- (no CPE)range: < 5.11
- (no CPE)range: < 7.13.0-bp153.2.6.1
- (no CPE)range: < 8.31.0-1.1
- (no CPE)range: < 7.13.0-bp153.2.6.6
- (no CPE)range: < 7.13.0-bp153.2.6.1
- (no CPE)range: < 7.13.0-bp153.2.6.6
- Range: < 5.11
Patches
Vulnerability mechanics
References
14- github.com/advisories/GHSA-pq7m-3gw7-gq5xghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2022-21699ghsaADVISORY
- github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668ghsax_refsource_MISCWEB
- github.com/ipython/ipython/commit/5fa1e409d2dc126c456510c16ece18e08b524e5bghsaWEB
- github.com/ipython/ipython/commit/67ca2b3aa9039438e6f80e3fccca556f26100b4dghsaWEB
- github.com/ipython/ipython/commit/a06ca837273271b4acb82c29be97c0b6d12a30eaghsaWEB
- github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5xghsax_refsource_CONFIRMWEB
- github.com/pypa/advisory-database/tree/main/vulns/ipython/PYSEC-2022-12.yamlghsaWEB
- ipython.readthedocs.io/en/stable/whatsnew/version8.htmlghsax_refsource_MISCWEB
- lists.debian.org/debian-lts-announce/2022/01/msg00021.htmlghsamailing-listx_refsource_MLISTWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KBghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZKghsaWEB
News mentions
0No linked articles in our index yet.