Summary: under certain circumstances, ipython3 may execute code from the current working directory. This might be a problem if the current working directory is not trusted.
python3 is safe. Tested on ubuntu 20. The following session illustrates it: joro@bialokote:~/tests/dir2$ pwd /home/joro/tests/dir2 joro@bialokote:~/tests/dir2$ ipython3 --version 7.13.0 joro@bialokote:~/tests/dir2$ ls ~/tests/dir1 a.py joro-orig.py __pycache__ joro@bialokote:~/tests/dir2$ ls ~/tests/dir2 joro.py __pycache__ joro@bialokote:~/tests/dir2$ cat ~/tests/dir1/a.py try: import joro except: print("error in import") joro@bialokote:~/tests/dir2$ cat ~/tests/dir2/joro.py print("imported joro :)") joro@bialokote:~/tests/dir2$ ipython3 ~/tests/dir1/a.py imported joro :) joro@bialokote:~/tests/dir2$ _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/