It was discovered that IPython, an enhanced interactive Python shell,
executed config files from the current working directory, which could
result in cross-user attacks if run from a directory multiple users
may write to.
For the oldstable distribution (buster), this problem has been fixed
in version 5.8.0-1+deb10u1.
For the stable distribution (bullseye), this problem has been fixed in
We recommend that you upgrade your ipython packages.