Python libraries update (MINDBREEZE30937)
ID: MINDBREEZE30937
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 6.8 Medium
Status: Final
First published: July 31, 2024
CVEs: CVE-2023-29483, CVE-2024-3651, CVE-2024-28102, CVE-2024-28219
Summary
- dnspython: denial of service in stub resolver
- python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()
- python-jwcrypto: malicious JWE token can cause denial of service
- python-pillow: buffer overflow in _imagingcms.c
Hotfix Information
Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
- Mindbreeze InSpire 24.4 Release
- Mindbreeze InSpire SaaS 24.4 Release