Commit d5b23994 authored by Salvatore Bonaccorso

Add CVE-2019-1010083/flask

Only thing which is known so far is that it is 'fixed in the 1.0 release'.
The CVE was assigned by the former DWF project, but apart from
https://www.palletsprojects.com/blog/flask-1-0-released/ there is no
reference given. The upstream release information notes:

	JSON Security Fix

        Flask previously decoded incoming JSON bytes using the content
        type of the request. Although JSON should only be encoded as
        UTF-8, Flask was more lenient. However, Python includes non-text
        related encodings that could result in unexpected memory use by
        a request.

        Flask will now detect the encoding of incoming JSON data as one
        of the supported UTF encodings, and will not allow arbitrary
        encodings from the request.
parent ce0fbfc8
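
The check described in the release note above, as an added example that is not code from this commit or from Flask: the decoder is chosen from the body bytes alone, limited to the UTF family, and the charset named in the request is never used. It assumes a JSON text starts with an ASCII character; the function names and sample bodies are constructed for illustration.

```python
import codecs
import json

# BOMs, UTF-32 first: the UTF-32-LE BOM begins with the UTF-16-LE BOM.
_BOMS = (
    (codecs.BOM_UTF32_BE, "utf-32"),
    (codecs.BOM_UTF32_LE, "utf-32"),
    (codecs.BOM_UTF8, "utf-8-sig"),
    (codecs.BOM_UTF16_BE, "utf-16"),
    (codecs.BOM_UTF16_LE, "utf-16"),
)


def detect_utf_encoding(data):
    """Return a UTF codec name derived only from the leading body bytes."""
    for bom, name in _BOMS:
        if data.startswith(bom):
            return name  # these codecs consume the BOM while decoding
    head = data[:4]
    # Assumption: the first character is ASCII, so the position of the
    # NUL bytes around it reveals the code unit width and byte order.
    if len(head) >= 2 and head[0] == 0:
        return "utf-32-be" if head[1] == 0 else "utf-16-be"
    if len(head) >= 2 and head[1] == 0:
        return "utf-32-le" if head[2:4] == b"\x00\x00" else "utf-16-le"
    return "utf-8"


def load_json_body(data, declared_charset=None):
    """Parse a JSON request body.

    declared_charset stands for the charset parameter of the request's
    Content-Type header. It is accepted so callers can pass it, but it
    never selects the codec: only the allow-listed UTF codecs are used.
    """
    text = data.decode(detect_utf_encoding(data))
    return json.loads(text)


if __name__ == "__main__":
    # Constructed sample bodies.
    for enc in ("utf-8", "utf-16-le", "utf-16-be", "utf-32-le", "utf-32-be"):
        body = '{"name": "caf\u00e9"}'.encode(enc)
        print(enc, detect_utf_encoding(body), load_json_body(body))
```

A body in any other encoding fails in `decode` or `json.loads` with an ordinary parse error, whatever charset the client declared.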