CVE-2018-1000656

Priority
Description
The Pallets Project Flask versions before 0.12.3 contain a CWE-20: Improper
Input Validation vulnerability that can result in a large amount of memory
usage, possibly leading to denial of service. This attack appears to be
exploitable when an attacker provides JSON data in an incorrect encoding.
This vulnerability appears to have been fixed in 0.12.3. NOTE: this may
overlap CVE-2019-1010083.
Assigned-to
leosilva
Package
Source: flask (LP Ubuntu Debian)
Upstream: released (1.0.2-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus): released (0.10.1-2ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (0.12.2-3ubuntu0.1)
Ubuntu 19.10 (Eoan Ermine): not-affected (1.0.2-1)
Ubuntu 20.04 LTS (Focal Fossa): not-affected (1.0.2-1)
Ubuntu 20.10 (Groovy Gorilla): not-affected (1.0.2-1)
Patches:
Upstream: https://github.com/pallets/flask/commit/0e1e9a04aaf29ab78f721cfc79ac2a691f6e3929
Upstream: https://github.com/pallets/flask/pull/2691
Updated: 2020-06-03 12:14:58 UTC (commit 87f40cf19ebf8538511b488f443575822d0ea3cd)