CVE-2019-1010083
First published: Wed Jul 17 2019(Updated: )
The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656.
Credit: josh@bress.net josh@bress.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/flask | <1.0 | 1.0 |
| Palletsprojects Flask | <1.0 | |
| <1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2019-1010083
- https://www.palletsprojects.com/blog/flask-1-0-released/
- https://github.com/advisories/GHSA-5wv5-4vpf-pj6m (Advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2019-179.yaml
- https://www.palletsprojects.com/blog/flask-1-0-released
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-1010083.
What is the severity of CVE-2019-1010083?
The severity of CVE-2019-1010083 is 7.5 (High).
How does CVE-2019-1010083 affect the Pallets Project Flask?
CVE-2019-1010083 affects the Pallets Project Flask before version 1.0.
What is the impact of CVE-2019-1010083?
The impact of CVE-2019-1010083 is denial of service.
How can I fix CVE-2019-1010083?
To fix CVE-2019-1010083, update Flask to version 1.0 or higher.
- collector/nvd-index
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-5wv5-4vpf-pj6m
- alias/CVE-2019-1010083
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/references
- agent/tags
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- vendor/palletsprojects
- canonical/palletsprojects flask
- package-manager/pip