Insufficient Input Validation – Intel Distribution for Python (IDP) – Jul 2018

Mozilla’s Bleach library is a security-related library. Its design goal is to sanitize input of malicious content. It also lets software developers safely create links.

IPython is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language, that offers introspection, rich media, shell syntax, tab completion, and history.

Given a fragment of HTML, Bleach will parse it according to the HTML5 parsing algorithm and sanitize any disallowed tags or attributes.

However, Intel published the following statement in Jul 2018 (see below):

Synopsis – Insufficient Input Validation in Bleach module in Intel® Distribution for Python (IDP) version IDP 2018 Update 2 potentially allows an unprivileged user to bypass URI sanitization and cause a Denial of Service via local vector.
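To illustrate what URI sanitization has to get right, here is an added example (not Bleach's or Intel's code) of an allowlist scheme check that normalizes an attribute value before inspecting it, beside a weak form that inspects the raw text. The allowlist, function names and sample values are assumptions constructed for illustration.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumed allowlist

# Space and C0 control characters. Browsers trim these from the ends of a
# URL and drop tab/newline anywhere, so they are removed before the check.
_IGNORED = re.compile(r"[\x00-\x20]+")
# Text before the first ':' counts as a scheme only if no '/', '?' or '#'
# comes first; otherwise the value is a relative reference.
_SCHEME = re.compile(r"^([^/?#:]*):")


def _scheme_allowed(text):
    match = _SCHEME.match(text)
    if match is None:
        return True  # relative reference such as /docs/page or #top
    return match.group(1).lower() in ALLOWED_SCHEMES


def naive_is_allowed(value):
    """Weak form: inspects the raw attribute text as written in the markup."""
    return _scheme_allowed(value)


def is_allowed_uri(value):
    """Hardened form: decode character references and strip ignorable
    characters first, so the check sees what the browser will see."""
    normalized = _IGNORED.sub("", html.unescape(value))
    return _scheme_allowed(normalized)


# Constructed sample attribute values (not taken from the advisory).
SAMPLES = [
    "https://example.com/",
    "/docs/page",
    "mailto:user@example.com",
    "java&#115;cript:void(0)",
    " JaVaScRiPt:void(0)",
    "java\tscript:void(0)",
]


def compare(samples=SAMPLES):
    """Return {value: (naive_result, hardened_result)} for each sample."""
    return {s: (naive_is_allowed(s), is_allowed_uri(s)) for s in samples}
```

The check is deliberately conservative: a value such as `example.com:8080/x` is rejected because the text before the colon is not an allowlisted scheme.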

Any interest? Perhaps you have this domain knowledge. If you are interested, please refer to the hyperlink below.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00129.html