GHSA-5wv5-4vpf-pj6m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5wv5-4vpf-pj6m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/07/GHSA-5wv5-4vpf-pj6m/GHSA-5wv5-4vpf-pj6m.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5wv5-4vpf-pj6m
- Aliases
- Published
- 2019-07-19T16:12:46Z
- Modified
- 2024-09-20T21:24:25.140560Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
- Details
-
The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656.
- References
Affected packages
PyPI / flask
Package
- Name
- flask
- View open source insights on deps.dev
- Purl
- pkg:pypi/flask