Vulnerabilites related to netapp - ontap_select_deploy_utility
CVE-2018-1000656 (GCVE-0-2018-1000656)
Vulnerability from cvelistv5
Published
2018-08-20 19:00
Modified
2024-08-05 12:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190221-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pallets/flask/pull/2691"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pallets/flask/releases/tag/0.12.3"
},
{
"name": "[debian-lts-announce] 20190820 [SECURITY] [DLA 1892-1] flask security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00025.html"
},
{
"name": "USN-4378-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4378-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-08-19T00:00:00",
"datePublic": "2018-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-09T21:06:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190221-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pallets/flask/pull/2691"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pallets/flask/releases/tag/0.12.3"
},
{
"name": "[debian-lts-announce] 20190820 [SECURITY] [DLA 1892-1] flask security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00025.html"
},
{
"name": "USN-4378-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4378-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-19T17:09:33.130462",
"DATE_REQUESTED": "2018-08-15T16:18:15",
"ID": "CVE-2018-1000656",
"REQUESTER": "secure@veritas.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20190221-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190221-0001/"
},
{
"name": "https://github.com/pallets/flask/pull/2691",
"refsource": "CONFIRM",
"url": "https://github.com/pallets/flask/pull/2691"
},
{
"name": "https://github.com/pallets/flask/releases/tag/0.12.3",
"refsource": "CONFIRM",
"url": "https://github.com/pallets/flask/releases/tag/0.12.3"
},
{
"name": "[debian-lts-announce] 20190820 [SECURITY] [DLA 1892-1] flask security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00025.html"
},
{
"name": "USN-4378-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4378-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000656",
"datePublished": "2018-08-20T19:00:00",
"dateReserved": "2018-08-15T00:00:00",
"dateUpdated": "2024-08-05T12:40:47.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-08-20 19:31
Modified
2024-11-21 03:40
Severity ?
Summary
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pallets/flask/pull/2691 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/pallets/flask/releases/tag/0.12.3 | Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/08/msg00025.html | ||
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20190221-0001/ | Patch, Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4378-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pallets/flask/pull/2691 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pallets/flask/releases/tag/0.12.3 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/08/msg00025.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190221-0001/ | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4378-1/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| palletsprojects | flask | * | |
| netapp | active_iq | * | |
| netapp | hyper_converged_infrastructure | * | |
| netapp | ontap_select_deploy_utility | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palletsprojects:flask:*:*:*:*:*:*:*:*",
"matchCriteriaId": "673F0EBE-9B78-49D9-B85F-8DBC01B5B47A",
"versionEndExcluding": "0.12.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8750B659-22D0-472A-8505-1B0C023764B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hyper_converged_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F26D2581-1244-4C0E-8994-7FAF104C90FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_utility:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89DDC4B1-1738-4AAC-ABDE-1E91C32890BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083."
},
{
"lang": "es",
"value": "Flask de The Pallets Project en versiones anteriores a la 0.12.3 contiene una vulnerabilidad CWE-20: Validaci\u00f3n de entradas incorrecta en flask que puede dar lugar al uso de una gran cantidad de memoria, posiblemente conduciendo a una denegaci\u00f3n de servicio (DoS). Este ataque parece ser explotable si el atacante proporciona datos JSON en la codificaci\u00f3n incorrecta. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 0.12.3.NOTA: esto puede superponerse a CVE-2019-1010083."
}
],
"id": "CVE-2018-1000656",
"lastModified": "2024-11-21T03:40:20.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-20T19:31:45.340",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/pallets/flask/pull/2691"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/pallets/flask/releases/tag/0.12.3"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190221-0001/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4378-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/pallets/flask/pull/2691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/pallets/flask/releases/tag/0.12.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190221-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4378-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}