CVE-2018-1000656
flask - security update
7.5
HIGH
CVSS 3.1
EPSS 0.64%
Description
The Pallets Project Flask, in versions before 0.12.3, contains a CWE-20 (Improper Input Validation) vulnerability that can result in a large amount of memory usage, possibly leading to denial of service. The attack appears to be exploitable when an attacker provides JSON data in an incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.
How to fix CVE-2018-1000656
To remediate CVE-2018-1000656, upgrade the affected package to a fixed version below.
- upgrade to 1.0.2-1 or later
- upgrade to 0.10.1-2+deb8u1 or later
- upgrade to 0.12.3 or later
- upgrade to 0.12.3 or later
Is CVE-2018-1000656 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 1.0.2-1 (fixed in 1.0.2-1)
- from 0, < 0.10.1-2+deb8u1 (fixed in 0.10.1-2+deb8u1)
- from 0, < 0.12.3 (fixed in 0.12.3)
- from 0, < 0.12.3 (fixed in 0.12.3)
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 4.0 | — | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |