CVE-2019-1010083

Published: 17 Jul 2019
Source: debian
EPSS: Low

Description

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.

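Packages

| Package | Status  | Fixed version | Release | Type    |
|---------|---------|---------------|---------|---------|
| flask   | fixed   | 1.0.2-1       |         | package |
| flask   | no-dsa  |               | stretch | package |
| flask   | ignored |               | jessie  | package |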

Notes

  • https://www.palletsprojects.com/blog/flask-1-0-released/

  • https://github.com/pallets/flask/pull/2691/commits/ab4142215d836b0298fc47fa1e4b75408b9c37a0 (1.0)

  • After communication with MITRE, this CVE *might* overlap CVE-2018-1000656.

  • CVE-2019-1010083 was back then assigned by the DWF CNA, but the exact scope of the CVE is unclear and might for instance be for an incomplete fix of CVE-2018-1000656. As such it was only noted with a "may overlap". The CVE-2019-1010083 only refers to the 1.0 release announcement and it is guaranteed that it relates as well to pull request 2691. Upstream itself did not comment on direct pings/questions back.

EPSS

Percentile: 60%
0.00399
Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 6 years ago

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.

CVSS3: 7.5
redhat
almost 8 years ago

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.

CVSS3: 7.5
nvd
more than 6 years ago

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.

suse-cvrf
almost 3 years ago

Security update for python-Flask

CVSS3: 7.5
github
more than 6 years ago

Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
