Vulnerability CVE-2018-1000656


Published: 2018-08-20

Description:
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Palletsprojects -> Flask 
Netapp -> Active iq 
Netapp -> Hyper converged infrastructure 
Netapp -> Ontap select deploy utility 

 References:
https://github.com/pallets/flask/pull/2691
https://github.com/pallets/flask/releases/tag/0.12.3
https://lists.debian.org/debian-lts-announce/2019/08/msg00025.html
https://security.netapp.com/advisory/ntap-20190221-0001/

Copyright 2022, cxsecurity.com

 

Back to Top