CVE-2018-1000656
python-flask: Denial of Service via crafted JSON file
- Severity Score:
- Exploit Likelihood:
- Affected Versions:
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
The Pallets Project Flask, in versions before 0.12.3, contains a CWE-20 (Improper Input Validation) vulnerability in flask that can result in a large amount of memory usage, possibly leading to denial of service. The attack appears to be exploitable when an attacker provides JSON data in an incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2018-08-15 CVE Reserved
- 2018-08-20 CVE Published
- 2024-06-04 EPSS Updated
- 2024-08-05 CVE Updated
- Exploited in Wild: -
- KEV Due Date: -
- First Exploit: -
CWE
- CWE-20: Improper Input Validation
CAPEC
References (7)
URL | Tag | Date
---|---|---
https://github.com/pallets/flask/releases/tag/0.12.3 | Third Party Advisory | -
https://lists.debian.org/debian-lts-announce/2019/08/msg00025.html | Mailing List | -
https://github.com/pallets/flask/pull/2691 | - | 2020-06-09
https://security.netapp.com/advisory/ntap-20190221-0001 | - | 2020-06-09
https://usn.ubuntu.com/4378-1 | - | 2020-06-09
https://access.redhat.com/security/cve/CVE-2018-1000656 | - | 2020-03-17
https://bugzilla.redhat.com/show_bug.cgi?id=1623131 | - | 2020-03-17
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Palletsprojects | Flask | < 0.12.3 | - | Affected
Netapp | Active Iq | * | - | Affected
Netapp | Hyper Converged Infrastructure | * | - | Affected
Netapp | Ontap Select Deploy Utility | * | - | Affected