What is CVE-2019-1010083?

CVE-2019-1010083 is a vulnerability in The Pallets Project Flask. Published 2019-07-17.

Is CVE-2019-1010083 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in The Pallets Project Flask

CVE-2019-1010083

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.

EPSS: 0.005 (64.9th percentile) — read the EPSS interpretation.

Affected products

The Pallets Project Flask — versions ≤ 1.0 [fixed: 1]

Public proof-of-concept exploits

arvion-ai/test-vulnerable-python2
crumpman/pulsecheck
elliotsecops/VulnGuard
eltyagi/poc-codeql-artifact-attestation
mightysai1997/pip-audit
pypa/pip-audit
timothy-bartlett/pip-audit

References

www.palletsprojects.com/blog/flask-1-0-released/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2019-1010083?: CVE-2019-1010083 is a vulnerability in The Pallets Project Flask. Published 2019-07-17.
Is CVE-2019-1010083 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.