First published: Wed Jul 17 2019
The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE: this may overlap CVE-2018-1000656.
Credit: josh@bress.net
Affected Software | Affected Version | How to fix |
---|---|---|
pip/flask | <1.0 | 1.0 |
Palletsprojects Flask | <1.0 | |
The vulnerability ID for this issue is CVE-2019-1010083.
The severity of CVE-2019-1010083 is 7.5 (High).
CVE-2019-1010083 affects the Pallets Project Flask before version 1.0.
The impact of CVE-2019-1010083 is denial of service.
To fix CVE-2019-1010083, update Flask to version 1.0 or higher.