Intel Security Center: INTEL-SA-00129
Jul 10, 2018 - 12:00 a.m.

Insufficient Input Validation in Bleach module in Intel® Distribution for Python (IDP) version IDP 2018 Update 2 potentially allows an unprivileged user to bypass URI sanitization and cause a Denial of Service via local vector

www.intel.com

EPSS: 0.003 (percentile: 70.6%)

Summary:

Insufficient Input Validation in Bleach module in Intel® Distribution for Python (IDP) version IDP 2018 Update 2 potentially allows an unprivileged user to bypass URI sanitization and cause a Denial of Service via local vector.

Description:

A vulnerable version of the Mozilla Bleach library module (CVE-2018-7753) was included in the Intel® Distribution for Python, potentially allowing certain improperly sanitized inputs to bypass Bleach URI sanitization and cause a Denial of Service. Intel has assigned CVE-2018-3650 to this issue. This update provides the corrected version of bleach that resolves CVE-2018-7753.
• CVE-2018-3650: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (HIGH 8.4)

Affected products:

Intel® Distribution for Python versions IDP 2018 Update 2

Recommendations:

Update the bleach module to the latest version or update to IDP 2018 Update 3 at:
<https://software.intel.com/en-us/distribution-for-python>

Acknowledgements:

This issue was found internally by Intel during validation.