N/A

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.

N/A

N/A

Pallets Project Flask 输入验证错误漏洞

Pallets Project Flask是Pallets项目的一款轻量级的WSGI（Web服务器网关接口）应用程序框架。 Pallets Project flask 0.12.3之前版本中存在输入验证漏洞。攻击者可借助JSON数据利用该漏洞造成拒绝服务（大量内存消耗）。

N/A

N/A