HIGH✓ PATCH🇬🇧 English

CVE-2018-1000656

CVSS 7.5v3.0pub. 2018-08-20upd. 2024-11-21

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Netapp Active Iq

    APP
    Netapp
    wszystkie wersje
  • Netapp Hyper Converged Infrastructure

    APP
    Netapp
    wszystkie wersje
  • Netapp Ontap Select Deploy Utility

    APP
    Netapp
    wszystkie wersje
  • Palletsprojects Flask

    APP
    Palletsprojects
    < 0.12.3
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2023-30861HIGH7.5ten sam produkt

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a respons...

CVE-2022-24785HIGH7.5ten sam produkt

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path tra...

CVE-2019-1010083HIGH7.5ten sam produkt

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service...

CVE-2019-11486HIGH7.0ten sam produkt

The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multipl...

CVE-2019-3462HIGH8.1ten sam produkt

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can ...