Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-1010083

Опубликовано: 26 апр. 2018
Источник: redhat
CVSS3: 7.5

Описание

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.

A flaw was found in python-flask. Unexpected memory usage can occur through specially crafted encoded JSON data. The highest threat from this vulnerability is to system availability. Note, this may overlap CVE-2018-1000656.

Отчет

Red Hat Satellite 6.5 ships an affected version of python-flask. However, the product is not vulnerable since the data component Crane receives from pulp_docker repository metadata with JSON uses UTF-8 encoding by default. Other supported versions of the Satellite are not affected by this vulnerability. Note: CVE-2019-1010083 is a duplicate of the flaw in CVE-2018-1000656. However, the 2019 flaw identifies newer affected products.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ceph Storage 2python-flaskOut of support scope
Red Hat Ceph Storage 3python-flaskAffected
Red Hat Ceph Storage 7python-flaskAffected
Red Hat Enterprise Linux 7python-flaskNot affected
Red Hat Enterprise Linux 8python-flaskNot affected
Red Hat OpenShift Container Platform 4python-flaskNot affected
Red Hat OpenStack Platform 16 (Train)python-flaskNot affected
Red Hat Quay 3python-flaskNot affected
Red Hat Satellite 6python-flaskWill not fix
Red Hat Storage 3python-flaskAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1888007python-flask: unexpected memory usage can lead to denial of service via crafted encoded JSON data

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-1010083

CVSS3: 7.5
ubuntu
больше 6 лет назад

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.

nvd логотип

CVE-2019-1010083

CVSS3: 7.5
nvd
больше 6 лет назад

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.

debian логотип

CVE-2019-1010083

CVSS3: 7.5
debian
больше 6 лет назад

The Pallets Project Flask before 1.0 is affected by: unexpected memory ...

suse-cvrf логотип

SUSE-SU-2023:1928-1

suse-cvrf
почти 3 года назад

Security update for python-Flask

github логотип

GHSA-5wv5-4vpf-pj6m

CVSS3: 7.5
github
больше 6 лет назад

Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage

7.5 High

CVSS3