logo
DATABASE RESOURCES PRICING ABOUT US

Insufficient Input Validation in Bleach module in Intel® Distribution for Python (IDP) version IDP 2018 Update 2 potentially allows an unprivileged user to bypass URI sanitization and cause a Denial of Service via local vector

Description

**Summary:** Insufficient Input Validation in Bleach module in Intel® Distribution for Python (IDP) version IDP 2018 Update 2 potentially allows an unprivileged user to bypass URI sanitization and cause a Denial of Service via local vector. **Description:** A vulnerable version of the Mozilla Bleach library module (CVE-2018-7753) was included in the Intel® Distribution for Python potentially allowing certain improperly sanitized inputs to bypass Bleach URI sanitization and cause a Denial of Service. Intel has assigned CVE-2018- 3650 to this issue. This update provides the corrected version of bleach that resolves CVE- 2018-7753. • CVE-2018-3650: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (HIGH 8.4) **Affected products:** Intel® Distribution for Python versions IDP 2018 Update 2 **Recommendations:** Update bleach module to the latest version or update to IDP 2018 Update 3 at: <https://software.intel.com/en-us/distribution-for-python> **Acknowledgements:** This issue was found internally by Intel during validation.


Related