#VU18150 Input validation error in Flask - CVE-2018-1000656

 


Published: April 8, 2019


Vulnerability identifier: #VU18150
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-1000656
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Flask
Software vendor:
The Pallets Projects

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing JSON data in an incorrect encoding. A remote attacker can supply a specially crafted JSON string and consume all available memory resources.

Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.


Remediation

Update to version 0.12.3.
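
A dependency check for the remediation above, as an added example that is not part of the advisory or of Flask: it scans a requirements file for Flask entries and flags pins below 0.12.3. The sample file is constructed, and treating every release older than 0.12.3 as affected is an assumption, since the advisory names only the fixed version.

```python
import re

FIXED = (0, 12, 3)  # advisory remediation: "Update to version 0.12.3"
# Assumption: any Flask release older than FIXED is treated as affected.

_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
_SPEC = re.compile(r"(===|==|~=|>=|<=|!=|>|<)\s*([0-9][0-9A-Za-z.*+!-]*)")

def parse_version(text):
    """'0.12.3' -> (0, 12, 3). Parsing stops at the first non-numeric part,
    so a pre-release such as '0.12.3rc1' sorts below the fixed release."""
    parts = []
    for piece in text.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts + [0] * (3 - len(parts)))

def audit_requirements(text):
    """Return (line_no, requirement, verdict) for every Flask entry.
    verdict: 'vulnerable' = pinned below the fix, 'ok' = pinned or floored
    at the fix or later, 'review' = the specifier still allows older releases."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        # Drop comments and environment markers before parsing.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = _REQ.match(line)
        if not m or m.group(1).lower() != "flask":  # skips Flask-Login etc.
            continue
        specs = _SPEC.findall(m.group(2))
        pins = [v for op, v in specs if op in ("==", "===") and "*" not in v]
        if pins:
            verdict = "vulnerable" if parse_version(pins[0]) < FIXED else "ok"
        else:
            floors = [parse_version(v) for op, v in specs if op in (">=", "~=")]
            verdict = "ok" if floors and max(floors) >= FIXED else "review"
        findings.append((no, line, verdict))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """# constructed sample requirements file
Flask==0.12.2
flask-login==0.4.1
flask >= 0.12.3, < 1.0
Flask>=0.10
Werkzeug==0.14.1
"""

if __name__ == "__main__":
    for no, req, verdict in audit_requirements(SAMPLE):
        print(f"line {no}: {req!r} -> {verdict}")
```

A `review` verdict means the installed version depends on what the resolver picked, so confirm it against the environment's actual package list.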

External links