PyPI: flask

CVE-2018-1000656

Safety vulnerability ID: SFTY-20180820-80740

Safety legacy ID: pyup.io-36388

Flask versions before 0.12.3 contain a CWE-20 (Improper Input Validation) vulnerability that can result in a large amount of memory usage, possibly leading to denial of service. The attack appears to be exploitable when an attacker provides JSON data in an incorrect encoding. The vulnerability appears to have been fixed in 0.12.3.

Created at: Nov 6, 2025
Updated at: Nov 6, 2025

Overview

Flask is vulnerable to Denial of Service via incorrect encoding of JSON data


Affected Package

Affecting flask package, versions <0.12.3

Also affects

---

How to Fix

Upgrade flask to 0.12.3 or higher.
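One way to check requirement files against the fixed version above, as an added example that is not part of the advisory or of Safety's tooling. The function names, status labels and sample lines are assumptions made for illustration, and version parsing is limited to plain numeric releases.

```python
import re

FIXED = (0, 12, 3)  # first fixed flask release per the advisory

# Package name, optional [extras], then specifiers up to a marker (;) or comment (#).
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?([^;#]*)")
_CLAUSE = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*(\d+(?:\.\d+)*)")

def _ver(text):
    """Numeric release tuple, padded to three parts (0.12 -> (0, 12, 0))."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(line):
    """None if the line is not a flask requirement, else a status string."""
    m = _REQ.match(line)
    # Normalise the name so Flask, FLASK and flask compare equal.
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "flask":
        return None
    clauses = [(op, _ver(v)) for op, v in _CLAUSE.findall(m.group(2))]
    pins = [v for op, v in clauses if op in ("==", "===")]
    if pins:
        return "affected" if pins[0] < FIXED else "ok"
    # No exact pin: safe only if a lower bound already excludes <0.12.3.
    # Conservative: ">0.12.2" is still reported, since only floors >= 0.12.3 pass.
    floors = [v for op, v in clauses if op in (">=", ">", "~=")]
    if any(v >= FIXED for v in floors):
        return "ok"
    return "may-resolve-affected"

def audit(text):
    """Return (line number, requirement, status) for every flask line that is not ok."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        status = classify(line)
        if status not in (None, "ok"):
            findings.append((n, line.strip(), status))
    return findings

# Constructed sample lines, not taken from any real project.
SAMPLE = """\
# constructed sample requirements
flask==0.12.2
Flask[async]>=0.12.3 ; python_version >= "3.6"
flask-login==0.4.0
flask>=0.10,<1.0
"""

if __name__ == "__main__":
    for n, line, status in audit(SAMPLE):
        print(f"line {n}: {line} -> {status}")
```

A "may-resolve-affected" result means the specifier does not rule out versions below 0.12.3, so the lock file or installed environment should be checked for what was actually resolved.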

Mitigation and Workarounds

---


Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
