CVE-2019-1010083: Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage

July 19, 2019 (updated September 20, 2024)

The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656.

References

github.com/advisories/GHSA-5wv5-4vpf-pj6m
github.com/pallets/flask
github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2019-179.yaml
nvd.nist.gov/vuln/detail/CVE-2019-1010083
www.palletsprojects.com/blog/flask-1-0-released

Code Behaviors & Features

Detect and mitigate CVE-2019-1010083 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →