CVE-2019-1010083
HIGH7.5EPSS 0.47%Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
發布日:2019/7/19修改日:2024/9/20
描述
The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656.
受影響套件(3)
- Debian/flaskfrom 0, < 1.0.2-1
- PyPI/flaskfrom 0, < 1.0
- PyPI/flaskfrom 0, < 1.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
參考連結(7)
- ADVISORYhttps://github.com/advisories/GHSA-5wv5-4vpf-pj6m
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-1010083
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2019-1010083
- ADVISORYhttps://www.palletsprojects.com/blog/flask-1-0-released/
- PATCHhttps://github.com/pallets/flask
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2019-179.yaml
- WEBhttps://www.palletsprojects.com/blog/flask-1-0-released