CVE-2019-1010083

HIGH7.5EPSS 0.47%

Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage

Published: 7/19/2019Modified: 9/20/2024

Also known as:GHSA-5wv5-4vpf-pj6mDEBIAN-CVE-2019-1010083PYSEC-2019-179

Description

The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656.

Affected packages (3)

Debian/flaskfrom 0, < 1.0.2-1
PyPI/flaskfrom 0, < 1.0
PyPI/flaskfrom 0, < 1.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (7)

ADVISORYhttps://github.com/advisories/GHSA-5wv5-4vpf-pj6m
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-1010083
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2019-1010083
ADVISORYhttps://www.palletsprojects.com/blog/flask-1-0-released/
PATCHhttps://github.com/pallets/flask
WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2019-179.yaml
WEBhttps://www.palletsprojects.com/blog/flask-1-0-released