High severity7.5NVD Advisory· Published Aug 20, 2018· Updated Jun 17, 2026
CVE-2018-1000656
CVE-2018-1000656
Description
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
FlaskPyPI | < 0.12.3 | 0.12.3 |
Affected products
4- ghsa-coords4 versionspkg:pypi/flaskpkg:rpm/opensuse/python-Flask&distro=openSUSE%20Leap%2015.0pkg:rpm/suse/python-Flask&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python-Flask&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015
< 0.12.3+ 3 more
- (no CPE)range: < 0.12.3
- (no CPE)range: < 0.12.4-lp150.2.3.1
- (no CPE)range: < 0.12.4-3.3.26
- (no CPE)range: < 0.12.4-3.3.26
Patches
Vulnerability mechanics
References
11- github.com/pallets/flask/pull/2691nvdIssue TrackingPatchThird Party AdvisoryWEB
- security.netapp.com/advisory/ntap-20190221-0001/nvdPatchThird Party Advisory
- github.com/advisories/GHSA-562c-5r94-xh97ghsaADVISORY
- github.com/pallets/flask/releases/tag/0.12.3nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-1000656ghsaADVISORY
- github.com/pallets/flask/commit/b178e89e4456e777b1a7ac6d7199052d0dfdbbbeghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2018-66.yamlghsaWEB
- lists.debian.org/debian-lts-announce/2019/08/msg00025.htmlnvdWEB
- security.netapp.com/advisory/ntap-20190221-0001ghsaWEB
- usn.ubuntu.com/4378-1ghsaWEB
- usn.ubuntu.com/4378-1/nvd
News mentions
0No linked articles in our index yet.