Issue #4330

closed

set flask requirement version to 0.12.3+

Added by ipanova@redhat.com over 5 years ago. Updated about 5 years ago.

Status: CLOSED - NOTABUG
Priority: Normal
Assignee: -
Start date:
Due date:
Estimated time:
Severity: 2. Medium
Version - Crane:
Platform Release:
Target Release - Crane:
OS:
Triaged: No
Groomed: No
Sprint Candidate: No
Tags: Pulp 2
Sprint:
Quarter:

Description

Older versions are affected by a denial of service vulnerability in the JSON decoding process due to improper input validation. An unauthenticated attacker can exploit this issue by providing JSON data in a non-text related encoding, which could result in unexpected memory use.

https://www.tenable.com/cve/CVE-2018-1000656

Actions #1

Updated by ipanova@redhat.com over 5 years ago

  • Description updated (diff)
Actions #4

Updated by ipanova@redhat.com over 5 years ago

Crane receives data in JSON format only from repository metadata which was generated by pulp_docker with the json module. JSON by default uses UTF-8 encoding, so this issue should not affect Crane.

Actions #5

Updated by ipanova@redhat.com over 5 years ago

  • Status changed from NEW to CLOSED - NOTABUG
Actions #6

Updated by bmbouter about 5 years ago

  • Tags Pulp 2 added
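
The input-validation concern in the description, seen from the defending side, as an added example (not code from Crane, Pulp or Flask): a JSON body decoder that ignores any client-declared charset and accepts only UTF-8, UTF-16 or UTF-32 text, detected from the bytes themselves. The names `load_json_body`, `detect_json_encoding` and `MAX_BODY`, the size cap value and the sample body are assumptions made for this illustration.

```python
import codecs
import json

MAX_BODY = 64 * 1024  # assumed size cap for this example, in bytes

# BOM -> codec. UTF-32 first: its little-endian BOM begins with the UTF-16 one.
_BOMS = (
    (codecs.BOM_UTF32_BE, "utf-32"),
    (codecs.BOM_UTF32_LE, "utf-32"),
    (codecs.BOM_UTF8, "utf-8-sig"),
    (codecs.BOM_UTF16_BE, "utf-16"),
    (codecs.BOM_UTF16_LE, "utf-16"),
)


def detect_json_encoding(data: bytes) -> str:
    """Pick UTF-8, UTF-16 or UTF-32 from the bytes alone (RFC 4627, section 3)."""
    for bom, name in _BOMS:
        if data.startswith(bom):
            return name
    head = data[:4]
    if len(head) == 4:
        # RFC 4627: JSON text starts with two ASCII characters, so the
        # positions of the NUL bytes reveal the code unit width and order.
        if head[:3] == b"\x00\x00\x00":
            return "utf-32-be"
        if head[0] == 0 and head[2] == 0:
            return "utf-16-be"
        if head[1:] == b"\x00\x00\x00":
            return "utf-32-le"
        if head[1] == 0 and head[3] == 0:
            return "utf-16-le"
    return "utf-8"


def load_json_body(data: bytes, declared_charset=None):
    """Decode a JSON body; the client-declared charset is deliberately unused."""
    if len(data) > MAX_BODY:
        raise ValueError("JSON body exceeds MAX_BODY")
    # UnicodeDecodeError and json.JSONDecodeError are both ValueError subclasses.
    return json.loads(data.decode(detect_json_encoding(data)))


if __name__ == "__main__":
    sample = '{"repo": "busybox"}'.encode("utf-8")  # constructed sample body
    print(load_json_body(sample, declared_charset="utf-8"))
```

Bodies that are not valid UTF text fail closed with a `ValueError`, whatever charset the sender claimed.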
