1125937 – ipython: insecure loading of the MathJax library

Bug 1125937 - ipython: insecure loading of the MathJax library

Summary: ipython: insecure loading of the MathJax library

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1125938 1125939
Blocks:
TreeView+	depends on / blocked

Reported:	2014-08-01 11:32 UTC by Martin Prpič
Modified:	2021-10-20 10:45 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2021-10-20 10:45:51 UTC
Embargoed:

Attachments	(Terms of Use)

Description Martin Prpič 2014-08-01 11:32:05 UTC

It was reported [1],[2] that when an IPython notebook is used without encryption (that is, running over HTTP instead of HTTPS), the MathJax library is loaded over HTTP. A man-in-the-middle attacker could potentially use this flaw to execute arbitrary code in a local IPython notebook by modifying the loaded MathJax JavaScript code.

This issue is fixed in the upcoming version 2.2 with the patch available at [3].

The report indicates versions 0.12 to 2.1 are vulnerable to this flaw. The version of IPython shipped with EPEL5 (0.8.4) is not vulnerable to this issue as the vulnerable code that loads MathJax is not present.

[1] https://github.com/ipython/ipython/issues/6246
[2] http://seclists.org/oss-sec/2014/q3/272
[3] https://github.com/ipython/ipython/commit/cf793ebc4f9e8483f104667e4c73748357fa8c56

Comment 1 Martin Prpič 2014-08-01 11:34:31 UTC

Created ipython tracking bugs for this issue:

Affects: fedora-all [bug 1125938]
Affects: epel-6 [bug 1125939]

Note You need to log in before you can comment on or make changes to this bug.