
CVE-2018-1000656

Published: 20/08/2018 Updated: 09/06/2020
CVSS v2 Base Score: 5.0 | Impact Score: 2.9 | Exploitability Score: 10.0
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 449
CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P (network, low complexity, no authentication; partial availability impact only)

Vulnerability Summary

Flask (Pallets Project) before 0.12.3 contains a CWE-20 Improper Input Validation vulnerability: a request body that is presented as JSON but arrives in an unexpected encoding can make the JSON loader use a large amount of memory, which may lead to denial of service. The attack is carried out remotely and without authentication, by supplying JSON data in an incorrect encoding. The issue is fixed in Flask 0.12.3. NOTE: this may overlap CVE-2019-1010083, which describes the same flaw.
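The summary above says the trigger is a JSON body in an unexpected encoding and that the fix landed in 0.12.3. The shape of the defensive check, written here as an added example and not Flask's own code: infer the body's UTF encoding from its first bytes (the NUL-byte pattern rule of RFC 4627 section 3, the same rule CPython's json.detect_encoding applies), honour an explicit charset when one is declared, decode strictly so a body that is not valid in that encoding is rejected rather than mangled, and refuse oversized bodies before decoding them. The function names, the BadJsonBody exception, the MAX_JSON_BYTES cap and the sample bodies are all my own constructions.

```python
import codecs
import json
from typing import Optional

# Hypothetical request-size cap for this example; choose per deployment.
MAX_JSON_BYTES = 1 * 1024 * 1024


def detect_json_encoding(body: bytes) -> str:
    """Infer the UTF encoding of a JSON document from its first bytes.

    RFC 4627 section 3: a JSON text starts with two ASCII characters, so the
    positions of NUL bytes in the first four bytes identify UTF-8/16/32 and
    the byte order. A byte order mark, when present, takes precedence.
    """
    if body.startswith((codecs.BOM_UTF32_BE, codecs.BOM_UTF32_LE)):
        return "utf-32"
    if body.startswith((codecs.BOM_UTF16_BE, codecs.BOM_UTF16_LE)):
        return "utf-16"
    if body.startswith(codecs.BOM_UTF8):
        return "utf-8-sig"
    if len(body) >= 4:
        if body[0] == 0:
            # 00 00 00 xx -> UTF-32-BE ; 00 xx 00 xx -> UTF-16-BE
            return "utf-16-be" if body[1] else "utf-32-be"
        if body[1] == 0:
            # xx 00 00 00 -> UTF-32-LE ; xx 00 xx 00 -> UTF-16-LE
            return "utf-16-le" if (body[2] or body[3]) else "utf-32-le"
    elif len(body) == 2:
        if body[0] == 0:
            return "utf-16-be"
        if body[1] == 0:
            return "utf-16-le"
    return "utf-8"


class BadJsonBody(ValueError):
    """Raised for bodies we refuse to parse (too large, undecodable, not JSON)."""


def load_json_body(body: bytes, declared_charset: Optional[str] = None,
                   max_bytes: int = MAX_JSON_BYTES):
    """Decode a raw JSON request body defensively.

    The size check runs before any decoding, so an oversized body is rejected
    without allocating a decoded copy. A charset from the Content-Type header
    is honoured if given; otherwise the encoding is detected from the bytes.
    Decoding is strict, so bytes invalid in the chosen encoding are rejected.
    """
    if len(body) > max_bytes:
        raise BadJsonBody(f"body of {len(body)} bytes exceeds limit {max_bytes}")
    encoding = declared_charset or detect_json_encoding(body)
    try:
        text = body.decode(encoding, errors="strict")
    except (UnicodeDecodeError, LookupError) as exc:
        raise BadJsonBody(f"body is not valid {encoding}: {exc}") from None
    try:
        return json.loads(text)
    except json.JSONDecodeError as exc:
        raise BadJsonBody(f"body is not JSON: {exc.msg}") from None


# Constructed sample bodies for the demo, not captured traffic.
SAMPLE_UTF8 = b'{"user": "alice", "ok": true}'
SAMPLE_UTF16LE = '{"user": "alice", "ok": true}'.encode("utf-16-le")  # no BOM
SAMPLE_UTF32BE = "[1, 2, 3]".encode("utf-32-be")  # no BOM


def demo() -> dict:
    """Exercise the loader on well-formed, mis-declared and oversized bodies."""
    results = {
        "utf8": load_json_body(SAMPLE_UTF8),
        "utf16le": load_json_body(SAMPLE_UTF16LE),
        "utf32be": load_json_body(SAMPLE_UTF32BE),
    }
    # A UTF-16 body with a wrong utf-8 charset header: the NUL bytes survive
    # decoding, so the rejection happens at the JSON stage, still before use.
    try:
        load_json_body(SAMPLE_UTF16LE, declared_charset="utf-8")
    except BadJsonBody as exc:
        results["mismatch"] = str(exc)
    # Oversized body: rejected by length alone, never decoded.
    try:
        load_json_body(b"[" * (MAX_JSON_BYTES + 1))
    except BadJsonBody as exc:
        results["oversized"] = str(exc)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Flask 0.12.3 and later perform their own encoding detection when loading a JSON body, so the remediation for this CVE is the upgrade; the example shows the shape of the check and adds the size cap that belongs in front of any request parser (in Flask the equivalent knob is the MAX_CONTENT_LENGTH setting).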

Vulnerable Products

Pallets Projects Flask

NetApp ONTAP Select Deploy utility

NetApp Hyper Converged Infrastructure (HCI)

NetApp Active IQ

Vendor Advisories

Red Hat: Low: python-flask security update (Type/Severity: Security Advisory, Low). An update for python-flask is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, ...
Flask could be made to consume a large amount of memory if it received a specially crafted input ...

GitHub Repositories

pysnyk: A Python client for the Snyk API.
Using the client requires you to provide your Snyk API token: import snyk; client = snyk.SnykClient("<your-api-token>"). By default the client will connect to the public Snyk service. If you are using a local installation then you can provide the API URL as the second a...

pip-audit: Audits Python environments and dependency trees for known vulnerabilities.
pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (github.com/pypa/advisory-database) via the PyPI JSON API as a source of vulnerability reports. This project is maintained in part by Trail of Bits with support from Google. This is not an official Google or Trail o...

Loki Open Source Scanner: Displays security advisories for the open-source packages your project uses, no matter which Git or CI/CD solution you use.
Loki Open Source Scanner (work in progress). This program displays security advisories for a given dependencies file, leveraging GitHub's Security Advisory API. For ad-hoc advisory look-ups: github.com/advisories. About the name: through his cunning, Loki helped the Aesir (Northern Gods) in difficult situations. In Norse mythology Loki is the son of giants and...

Snykctl: A CLI tool for interacting with the Snyk API.
Snykctl is a command line tool for interacting with the Snyk API. Installation: precompiled executables are available for Linux and macOS environments from Releases. You can grab those quickly with wget like so for Linux: wget -o snykctl github.com/garethr/snykctl/releases/download/v020/snykctl_v020_linux-amd64; chmod +x snykctl...

Pulsecheck: Get current and historical vulnerability insights from the GitHub Advisory Database (https://github.com/advisories/database) by checking the pulse of your project's dependencies, delivered in an easy-to-use CLI.
I wrote Pulsecheck to serve as a tool for early-stage research on OSS third-party libraries and package vulnerabilities. Pulsecheck parses your dependency files and queries the GitHub Advisory Database for all relevant GitHub-reviewed security advisories. It will provide data on every reviewed GHSA advisory for your respective dependency. This project showcases how t...

Kubernetes Vulnerability Exporter: A Prometheus exporter for managing vulnerabilities in Kubernetes by using Trivy.
This project is under development. The vulnerability exporter scans and exports vulnerabilities of images and nodes in a Kubernetes cluster. Inspired by kube-trivy-exporter. Image Scan scans for vulnerabilities in container images of workloads deploye...
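The tools listed above consult an advisory database for every dependency; for one known CVE the same check reduces to comparing a pinned version against the fixed release. The following is an added example, not code from any of the projects listed: it reads pip-freeze style lines, normalises package names the way PyPI does, and reports a Flask pin below 0.12.3 under this page's CVE id. The freeze lines are constructed, and the version parser is deliberately minimal (it reads only the leading digits of each dotted component, so a pre-release tag sorts as its base release); real tooling should use packaging.version for full PEP 440 semantics.

```python
from typing import Dict, List, Tuple

# Advisory data taken from this page: Flask before 0.12.3 is affected.
ADVISORY = {
    "id": "CVE-2018-1000656",
    "package": "flask",
    "fixed_in": "0.12.3",
    "note": "JSON body in unexpected encoding leads to excessive memory use (DoS)",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '0.12.2' / '1.0' / '1.1.2' into a comparable tuple of ints.

    Only the leading digits of each dotted component are read, so '1.0rc1'
    compares as 1.0.0. Tuples are padded to three places so that '1.0' and
    '1.0.0' compare equal.
    """
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def parse_freeze(lines: List[str]) -> Dict[str, str]:
    """Parse 'pip freeze' style output ('Name==1.2.3') into {name: version}.

    Names are lower-cased with '_' folded to '-', matching PyPI's normalised
    form. Comments and lines that are not exact '==' pins are skipped.
    """
    pins: Dict[str, str] = {}
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if "==" not in line:
            continue
        name, version = line.split("==", 1)
        pins[name.strip().lower().replace("_", "-")] = version.strip()
    return pins


def find_affected(freeze_lines: List[str], advisory: dict = ADVISORY) -> List[str]:
    """Return findings for a pinned version strictly below the fixed release."""
    pins = parse_freeze(freeze_lines)
    installed = pins.get(advisory["package"])
    if installed is None:
        return []
    if parse_version(installed) < parse_version(advisory["fixed_in"]):
        return [f"{advisory['id']}: {advisory['package']}=={installed} "
                f"is below fixed version {advisory['fixed_in']} "
                f"({advisory['note']})"]
    return []


# Constructed sample freeze output, not from a real environment.
SAMPLE_FREEZE_OLD = ["Flask==0.12.2", "Werkzeug==0.14.1", "itsdangerous==0.24"]
SAMPLE_FREEZE_FIXED = ["Flask==0.12.3", "Werkzeug==0.14.1"]
SAMPLE_FREEZE_NEW = ["# app deps", "flask==1.1.2", "gunicorn==19.9.0"]

if __name__ == "__main__":
    for label, lines in [("old", SAMPLE_FREEZE_OLD),
                         ("fixed", SAMPLE_FREEZE_FIXED),
                         ("new", SAMPLE_FREEZE_NEW)]:
        print(label, find_affected(lines) or "clean")
```

For a full environment audit rather than a single CVE, pip-audit from the list above does the database lookup for every pin (pip-audit -r requirements.txt); the example here is the one comparison that check boils down to for this advisory.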