Bug 1125937

Summary: ipython: insecure loading of the MathJax library
Product: [Other] Security Response Reporter: Martin Prpič <mprpic>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: mrunge, orion, shahms, tomspur
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-20 10:45:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1125938, 1125939    
Bug Blocks:    

Description Martin Prpič 2014-08-01 11:32:05 UTC 
It was reported [1],[2] that when an IPython notebook is used without encryption (that is, running over HTTP instead of HTTPS), the MathJax library is loaded over HTTP. A man-in-the-middle attacker could potentially use this flaw to execute arbitrary code in a local IPython notebook by modifying the loaded MathJax JavaScript code.

This issue is fixed in the upcoming version 2.2 with the patch available at [3].

The report indicates versions 0.12 to 2.1 are vulnerable to this flaw. The version of IPython shipped with EPEL5 (0.8.4) is not vulnerable to this issue as the vulnerable code that loads MathJax is not present.

[1] https://github.com/ipython/ipython/issues/6246
[2] http://seclists.org/oss-sec/2014/q3/272
[3] https://github.com/ipython/ipython/commit/cf793ebc4f9e8483f104667e4c73748357fa8c56
Comment 1 Martin Prpič 2014-08-01 11:34:31 UTC 
Created ipython tracking bugs for this issue:

Affects: fedora-all [bug 1125938]
Affects: epel-6 [bug 1125939]