CVE-2018-1000656

Published: 20 Aug 2018
Source: ubuntu
Priority: low
EPSS: Low
CVSS2: 5
CVSS3: 7.5

Description

The Pallets Project Flask before version 0.12.3 contains a CWE-20 (Improper Input Validation) vulnerability that can result in a large amount of memory usage, possibly leading to denial of service. The attack appears to be exploitable by an attacker providing JSON data in an incorrect encoding. The vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.

| Release | Status | Note |
|---|---|---|
| bionic | released | 0.12.2-3ubuntu0.1 |
| cosmic | not-affected | 1.0.2-1 |
| devel | not-affected | 1.0.2-1 |
| disco | not-affected | 1.0.2-1 |
| eoan | not-affected | 1.0.2-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was released [0.10.1-2ubuntu0.1~esm1] |
| esm-infra/bionic | released | 0.12.2-3ubuntu0.1 |
| esm-infra/focal | not-affected | 1.0.2-1 |
| esm-infra/xenial | released | 0.10.1-2ubuntu0.1 |
| focal | not-affected | 1.0.2-1 |


EPSS: 0.006 (Low), percentile: 69%
CVSS2: 5 Medium
CVSS3: 7.5 High

Related vulnerabilities

redhat (CVSS3: 7.5, almost 8 years ago)
The Pallets Project Flask before version 0.12.3 contains a CWE-20 (Improper Input Validation) vulnerability that can result in a large amount of memory usage, possibly leading to denial of service. The attack appears to be exploitable by an attacker providing JSON data in an incorrect encoding. The vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.

nvd (CVSS3: 7.5, more than 7 years ago)
The Pallets Project Flask before version 0.12.3 contains a CWE-20 (Improper Input Validation) vulnerability that can result in a large amount of memory usage, possibly leading to denial of service. The attack appears to be exploitable by an attacker providing JSON data in an incorrect encoding. The vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.

debian (CVSS3: 7.5, more than 7 years ago)
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Imp ...

suse-cvrf (almost 7 years ago)
Security update for python-Flask

suse-cvrf (almost 7 years ago)
Security update for python-Flask
