Issue #4330

closed

set flask requirement version to 0.12.3+

Added by ipanova@redhat.com over 5 years ago. Updated about 5 years ago.

Status: CLOSED - NOTABUG
Priority: Normal
Assignee: -
Start date:
Due date:
Estimated time:
Severity: 2. Medium
Version - Crane:
Platform Release:
Target Release - Crane:
OS:
Triaged: No
Groomed: No
Sprint Candidate: No
Tags: Pulp 2
Sprint:
Quarter:

Description

Older versions are affected by a denial-of-service vulnerability in the JSON decoding process due to improper input validation. An unauthenticated attacker can exploit this issue by providing JSON data in a non-text related encoding, which could result in unexpected memory use.

https://www.tenable.com/cve/CVE-2018-1000656
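
A check for the version floor named in the ticket title, as an added example that is not part of the original issue or of Crane's code: it flags requirement lines that can still resolve to a Flask release below 0.12.3. The function names and the sample lines are constructed for illustration, and only plain numeric versions are handled; anything else is reported as unsafe.

```python
import re

FLASK_FLOOR = (0, 12, 3)                  # floor taken from the ticket title
LOWER_BOUND_OPS = {">=", "==", "~="}      # operators that set a lower bound

# Constructed sample requirement lines, for illustration only.
SAMPLE = [
    "Flask>=0.12.3,<1.0",
    "Flask>=0.11",
    "flask==0.12.2  # pinned",
    "Flask",
    "Flask-Login>=0.4",
]

def parse_version(text):
    """Turn '0.12.3' into (0, 12, 3); None for wildcards, rc tags and the like."""
    parts = text.split(".")
    return tuple(int(p) for p in parts) if all(p.isdigit() for p in parts) else None

def flask_floor_ok(line, floor=FLASK_FLOOR):
    """True if line is not a Flask requirement or cannot resolve below floor.

    Conservative: a Flask line without a parseable lower bound is unsafe.
    """
    # Drop trailing comments and environment markers before parsing.
    line = line.split("#", 1)[0].split(";", 1)[0].strip()
    m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$", line)
    if not m or m.group(1).lower() != "flask":
        return True
    for clause in m.group(2).split(","):
        c = re.match(r"\s*(===|==|~=|>=|<=|!=|<|>)\s*(\S+)\s*$", clause)
        if c and c.group(1) in LOWER_BOUND_OPS:
            version = parse_version(c.group(2))
            if version is not None and version >= floor:
                return True
    return False

def audit(lines):
    """Return the requirement lines that still admit a Flask below the floor."""
    return [ln for ln in lines if not flask_floor_ok(ln)]

if __name__ == "__main__":
    for bad in audit(SAMPLE):
        print("allows Flask < 0.12.3:", bad)
```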
