Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1000656

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.

Published

2018-08-20T19:31:45.340

Last Modified

2024-11-21T03:40:20.450

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	palletsprojects	flask	< 0.12.3	Yes
Application	netapp	active_iq	*	Yes
Application	netapp	hyper_converged_infrastructure	*	Yes
Application	netapp	ontap_select_deploy_utility	*	Yes

References

https://github.com/pallets/flask/pull/2691 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://github.com/pallets/flask/releases/tag/0.12.3 Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2019/08/msg00025.html ([email protected])
https://security.netapp.com/advisory/ntap-20190221-0001/ Patch, Third Party Advisory ([email protected])
https://usn.ubuntu.com/4378-1/ ([email protected])
https://github.com/pallets/flask/pull/2691 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/pallets/flask/releases/tag/0.12.3 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/08/msg00025.html (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20190221-0001/ Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4378-1/ (af854a3a-2127-422b-91ae-364da2661108)