Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3djUtNHZwZi1wajZt

Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage

The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE: this may overlap CVE-2018-1000656.

Permalink: https://github.com/advisories/GHSA-5wv5-4vpf-pj6m
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3djUtNHZwZi1wajZt
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: 3 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Percentage: 0.00103
EPSS Percentile: 0.43507

Identifiers: GHSA-5wv5-4vpf-pj6m, CVE-2019-1010083
References:
Blast Radius: 38.1

Affected Packages

pypi:flask
Dependent packages: 2,451
Dependent repositories: 119,058
Downloads: 108,030,249 last month
Affected Version Ranges: < 1.0
Fixed in: 1.0
All affected versions: 0.3.1, 0.5.1, 0.5.2, 0.6.1, 0.7.1, 0.7.2, 0.8.1, 0.10.1, 0.11.1, 0.12.1, 0.12.2, 0.12.3, 0.12.4, 0.12.5
All unaffected versions: 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.1.0