GHSA-5wv5-4vpf-pj6m

Source

https://github.com/advisories/GHSA-5wv5-4vpf-pj6m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/07/GHSA-5wv5-4vpf-pj6m/GHSA-5wv5-4vpf-pj6m.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5wv5-4vpf-pj6m

Aliases

Published

2019-07-19T16:12:46Z

Modified

2024-02-21T05:32:38.599465Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage

Details

The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656.

References

Affected packages

PyPI / flask

Package

Name: flask; View open source insights on deps.dev
Purl: pkg:pypi/flask

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0

Affected versions

0.*

0.1

0.2

0.3

0.3.1

0.4

0.5

0.5.1

0.5.2

0.6

0.6.1

0.7

0.7.1

0.7.2

0.8

0.8.1

0.9

0.10

0.10.1

0.11

0.11.1

0.12

0.12.1

0.12.2

0.12.3

0.12.4

0.12.5