Debian 10263 Published by

A flask security update has been released for Debian GNU/Linux 9 Extended LTS to address an improper input validation vulnerability.



ELA-940-1 flask security update

Package : flask
Version : 0.12.1-1+deb9u1 (stretch)

Related CVEs :
CVE-2018-1000656
CVE-2019-1010083

Flask, a micro web framework for the Python programming language, contains a improper input validation vulnerability (CWE-20) that can result in large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable through a crafted JSON data in an incorrect encoding.
NOTE: this may overlap CVE-2019-1010083.

ELA-940-1 flask security update