cvedb.io
CVE-2023-24816
MEDIUM · CVSS 4.5
EPSS exploitation probability: 0%
Published 2023-02-10T20:15:53.817 · Last modified 2026-06-17T05:39:55.213

Summary

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where `ctypes` is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool, `set_term_title` could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function, they would be able to inject

Affected products

ipython — ipython

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.