Description
The Pallets Project flask, in versions before 0.12.3, contains a CWE-20 (Improper Input Validation) vulnerability that can result in a large amount of memory usage, possibly leading to denial of service. The attack appears to be exploitable by an attacker providing JSON data in an incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.
Report
This issue affects the versions of python-flask as shipped with Red Hat Enterprise Linux 7. Although Red Hat Satellite 6 contains the vulnerable component, it is not affected, because its python-flask only receives JSON data created by other Red Hat Satellite 6 components, not user-controlled JSON data, which makes the attack infeasible.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | python-flask | Affected | | |
| Red Hat Ceph Storage 3 | python-flask | Affected | | |
| Red Hat Ceph Storage 7 | python-flask | Affected | | |
| Red Hat Enterprise Linux 8 | python-flask | Not affected | | |
| Red Hat Satellite 6 | python-flask | Not affected | | |
| Red Hat Storage 3 | python-flask | Affected | | |
| Red Hat Update Infrastructure 3 for Cloud Providers | python-flask | Fix deferred | | |
| Red Hat Enterprise Linux 7 Extras | python-flask | Fixed | RHSA-2020:0870 | 17.03.2020 |
Additional information
CVSS3: 7.5 High