CVE-2018-1000656
Last modified
CVE-2018-1000656 is a vulnerability of currently unknown severity. The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. EPSS estimates a 3.85% chance of exploitation in the next 30 days.
Description
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Palletsprojects | Flask | < 0.12.3 |
| Netapp | Active Iq | All versions |
| Netapp | Hyper Converged Infrastructure | All versions |
| Netapp | Ontap Select Deploy Utility | All versions |
References
- https://github.com/pallets/flask/pull/2691Issue Tracking, Patch, Third Party Advisory
- https://github.com/pallets/flask/releases/tag/0.12.3Third Party Advisory
- https://security.netapp.com/advisory/ntap-20190221-0001/Patch, Third Party Advisory
- https://github.com/pallets/flask/pull/2691Issue Tracking, Patch, Third Party Advisory
- https://github.com/pallets/flask/releases/tag/0.12.3Third Party Advisory
- https://security.netapp.com/advisory/ntap-20190221-0001/Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000656?
How severe is CVE-2018-1000656?
How do I fix CVE-2018-1000656?
Are you affected by CVE-2018-1000656?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST