CVE-2022-21699 HIGH

CVE-2022-21699: Execution with Unnecessary Privileges in ipython

Vendor Ipython

Product ipython

Weakness CWE-250

Published January 19, 2022

Last update April 22, 2025

View on NVD All CVEs

CVSS base score

8.2/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

Description

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.

Key dates

Disclosure timeline

January 19, 2022 CVE published

April 22, 2025 Record updated

Identifiers

CVE CVE-2022-21699

CWE CWE-250

CVSS 8.2 / HIGH

Affected versions

Vendor Ipython

Product ipython

Affected < 5.11

Vendor Ipython

Product ipython

Affected >= 6.0.0, < 7.16.3

Vendor Ipython

Product ipython

Affected >= 7.17.0, < 7.31.1

Vendor Ipython

Product ipython

Affected >= 8.0.0, < 8.0.1