EIQ-2019-0027
ID |
EIQ-2019-0027 |
CVE |
|
Description |
Pallet Projects Flask could allow denial of service (DoS) |
Date |
22 Jul 2019 |
Severity |
3 - HIGH |
CVSSv3 score |
7.5 |
Status |
2.6.0 |
Assessment |
Pallet Projects Flask versions 0.12.4 and earlier are vulnerable to denial of service (DoS) attacks. Although JSON data should always be encoded in UTF-8 format, Flask would accept other formats as well. While attempting to decode the payload, Flask would consume the available memory resources, which would result in a denial of service. To exploit the vulnerability, attackers must have access to the target system, and the system must accept input from untrusted sources. |
Mitigation |
|
Affected versions |
2.5.0 and earlier. |
Notes |
For more information, see: |
< Back to all security issues and mitigation actions
In release notes 2.5.0
In release notes 2.6.0