Actions
Issue #4330
closedset flask requirement version to 0.12.3+
Status:
CLOSED - NOTABUG
Priority:
Normal
Assignee:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version - Crane:
Platform Release:
Target Release - Crane:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:
Description
Older versions are affected by a denial service vulnerability in the JSON decoding process due to improper input validation. An unauthenticated attacker can exploit this issue by providing JSON data in a non-text related encoding, which could result in unexpected memory use.
Updated by ipanova@redhat.com over 5 years ago
Crane receives data in json format only from repository metadata which was generated by pulp_docker with json module. Json by default is using utf8 encoding so this issue should not affect Crane.
Updated by ipanova@redhat.com over 5 years ago
- Status changed from NEW to CLOSED - NOTABUG
Actions