CVE-2018-3650

CWE-20 — Improper Input Validation CWE-196 documents5 sources

Severity

7.8HIGH

EPSS

0.1%

top 81.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Distribution FOR Python Intel Corporation Intel Distribution FOR Python

Timeline

PublishedAug 1

Latest updateMay 14

Description

Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5intel_corporation/intel_distribution_for_pythonBefore 2018 Update 2

▶NVDintel/distribution< 2018+1

🔴Vulnerability Details

GHSA

GHSA-v5j7-m2vx-ghr9: Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass↗2022-05-14

▶

CVEList

CVE-2018-3650: Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass↗2018-08-01

▶

📋Vendor Advisories

Cisco

Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability↗2018-03-28

▶

💬Community

Bugzilla

CVE-2018-15908 ghostscript: .tempfile file permission issues (699657)↗2018-08-21

▶

Bugzilla

CVE-2018-7562 glpi: Race condition allowing temporary access to an uploaded executable file leading to code execution↗2018-03-13

▶