FreeBSD : devel/ipython -- remote execution (a4460ac7-192c-11e5-9c01-bcaec55be5e5)
Medium Nessus Plugin ID 84325
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Kyle Kelley reports:
Summary: JSON error responses from the IPython notebook REST API contained URL parameters and were incorrectly reported as text/html instead of application/json. The error messages included some of these URL params, resulting in a cross site scripting attack. This affects users on Mozilla Firefox but not Chromium/Google Chrome.
API paths with issues:
- /api/contents (3.0-3.1)
- /api/notebooks (2.0-2.4, 3.0-3.1)
Solution
Update the affected package.
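
A way to check captured responses for the condition described above (an API error response not labelled application/json that echoes request-controlled URL text), written as an added example that is not part of the advisory or the IPython code base. The record layout, the sample values and the choice to test both query values and trailing path segments are assumptions.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

API_PREFIXES = ("/api/contents", "/api/notebooks")  # paths named in the advisory

# Constructed sample records: (request URL, status, Content-Type, response body).
SAMPLES = [
    ("/api/contents/zz%3Cprobe%3Ezz", 404, "text/html; charset=UTF-8",
     '{"message": "No such file or directory: zz<probe>zz"}'),
    ("/api/contents/zz%3Cprobe%3Ezz", 404, "application/json",
     '{"message": "No such file or directory: zz<probe>zz"}'),
    ("/api/notebooks?name=zz%3Cprobe%3Ezz", 400, "text/html",
     '{"message": "bad name zz<probe>zz"}'),
    ("/api/contents/report.ipynb", 200, "application/json", '{"name": "report.ipynb"}'),
    ("/tree/zz%3Cprobe%3Ezz", 404, "text/html", "<h1>404 : Not Found</h1>"),
]

def is_json(content_type):
    """True when the media type (parameters ignored) is application/json."""
    return content_type.split(";", 1)[0].strip().lower() == "application/json"

def url_inputs(url, prefix):
    """Decoded request-controlled strings: query values and path parts after the prefix."""
    parts = urlsplit(url)
    values = [v for _, v in parse_qsl(parts.query)]
    values += [unquote(s) for s in parts.path[len(prefix):].split("/")]
    return [v for v in values if v]

def audit(records):
    """Return (url, reflected values) for API error responses not served as JSON."""
    findings = []
    for url, status, ctype, body in records:
        path = urlsplit(url).path
        prefix = next((p for p in API_PREFIXES
                       if path == p or path.startswith(p + "/")), None)
        if prefix is None or status < 400 or is_json(ctype):
            continue
        reflected = [v for v in url_inputs(url, prefix) if v in body]
        if reflected:
            findings.append((url, reflected))
    return findings

if __name__ == "__main__":
    for url, reflected in audit(SAMPLES):
        print(f"{url}: non-JSON error response reflects {reflected}")
```

The same body served with Content-Type application/json (second sample) is not flagged, which matches the advisory's point that the mislabelled content type is what lets the reflected text be treated as markup.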