Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3djUtNHZwZi1wajZt
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656.
Permalink: https://github.com/advisories/GHSA-5wv5-4vpf-pj6mJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3djUtNHZwZi1wajZt
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 5 years ago
Updated: 9 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-5wv5-4vpf-pj6m, CVE-2019-1010083
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-1010083
- https://www.palletsprojects.com/blog/flask-1-0-released/
- https://github.com/advisories/GHSA-5wv5-4vpf-pj6m
Affected Packages
pypi:flask
Dependent packages: 1,970Dependent repositories: 119,058
Downloads: 90,460,139 last month
Affected Version Ranges: < 1.0
Fixed in: 1.0
All affected versions: 0.3.1, 0.5.1, 0.5.2, 0.6.1, 0.7.1, 0.7.2, 0.8.1, 0.10.1, 0.11.1, 0.12.1, 0.12.2, 0.12.3, 0.12.4, 0.12.5
All unaffected versions: 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 3.0.0, 3.0.1, 3.0.2, 3.0.3