PyPI: flask
CVE-2019-1010083
Safety vulnerability ID: SFTY-20190717-33285
Safety legacy ID: pyup.io-38654
Flask 0.12.3 includes a fix for CVE-2019-1010083: Unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. NOTE: this may overlap CVE-2018-1000656. https://github.com/pallets/flask/pull/2695/commits/0e1e9a04aaf29ab78f721cfc79ac2a691f6e3929
Overview
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
Advisory
Flask 0.12.3 includes a fix for CVE-2019-1010083: Unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. NOTE: this may overlap CVE-2018-1000656. https://github.com/pallets/flask/pull/2695/commits/0e1e9a04aaf29ab78f721cfc79ac2a691f6e3929
How to Fix
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20190717-33285/CVE-2019-1010083
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010083
- https://www.palletsprojects.com/blog/flask-1-0-released/
- https://nvd.nist.gov/vuln/detail/CVE-2019-1010083
- https://github.com/advisories/GHSA-5wv5-4vpf-pj6m
- https://github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2019-179.yaml
- https://www.palletsprojects.com/blog/flask-1-0-released
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
Learn more