CVE-2018-1000656
Published: Aug 20, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
The Pallets Project Flask before version 0.12.3 contains a CWE-20 (Improper Input Validation) vulnerability that can result in a large amount of memory usage, possibly leading to denial of service. The attack appears to be exploitable by an attacker providing JSON data in an incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://security.netapp.com/advisory/ntap-20190221-0001/
x_refsource_CONFIRM
https://github.com/pallets/flask/pull/2691
x_refsource_CONFIRM
https://github.com/pallets/flask/releases/tag/0.12.3
x_refsource_CONFIRM
[debian-lts-announce] 20190820 [SECURITY] [DLA 1892-1] flask security update
mailing-list
x_refsource_MLIST
USN-4378-1
vendor-advisory
x_refsource_UBUNTU