CVE-2018-1000656

{"id": "CVE-2018-1000656", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-08-20T19:31:45.340", "references": [{"url": "https://github.com/pallets/flask/pull/2691", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/pallets/flask/releases/tag/0.12.3", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00025.html", "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20190221-0001/", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/4378-1/", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083."}, {"lang": "es", "value": "Flask de The Pallets Project en versiones anteriores a la 0.12.3 contiene una vulnerabilidad CWE-20: Validaci\u00f3n de entradas incorrecta en flask que puede dar lugar al uso de una gran cantidad de memoria, posiblemente conduciendo a una denegaci\u00f3n de servicio (DoS). Este ataque parece ser explotable si el atacante proporciona datos JSON en la codificaci\u00f3n incorrecta. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 0.12.3.NOTA: esto puede superponerse a CVE-2019-1010083."}], "lastModified": "2020-06-09T22:15:10.943", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:palletsprojects:flask:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "673F0EBE-9B78-49D9-B85F-8DBC01B5B47A", "versionEndExcluding": "0.12.3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8750B659-22D0-472A-8505-1B0C023764B3"}, {"criteria": "cpe:2.3:a:netapp:hyper_converged_infrastructure:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F26D2581-1244-4C0E-8994-7FAF104C90FF"}, {"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_utility:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89DDC4B1-1738-4AAC-ABDE-1E91C32890BA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}