Package | flask |
---|---|
Version | 0.12.1-1+deb9u1 (stretch) |
Related CVEs | CVE-2018-1000656 CVE-2019-1010083 |
Flask, a micro web framework for the Python programming language, contains an improper input validation vulnerability (CWE-20) that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable through crafted JSON data in an incorrect encoding. NOTE: this may overlap CVE-2019-1010083.
For Debian 9 stretch, these problems have been fixed in version 0.12.1-1+deb9u1.
We recommend that you upgrade your flask packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.