Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage

GHSA-5wv5-4vpf-pj6m · CVE-2019-1010083 · PYSEC-2019-179

Published Jul 19, 2019 · Modified Sep 20, 2024

Description

The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-1010083
ADVISORY https://github.com/advisories/GHSA-5wv5-4vpf-pj6m
PACKAGE https://github.com/pallets/flask
WEB https://github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2019-179.yaml
WEB https://www.palletsprojects.com/blog/flask-1-0-released

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes