Page MenuHomePhabricator

CVE-2018-1000656 in ores and wikilabels
Closed, ResolvedPublic


More info. It can be used as a DDoS vector.
Upgrading to flask 0.12.3 would solve it

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 29 2018, 7:38 PM
Restricted Application added a project: User-Ladsgroup. · View Herald TranscriptOct 29 2018, 7:39 PM
Ladsgroup triaged this task as High priority.Oct 29 2018, 7:42 PM
Ladsgroup merged a task: Restricted Task.Oct 30 2018, 11:43 AM
Ladsgroup added a subscriber: hashar.

wikilabels is deployed, ores is waiting for review.

Ladsgroup changed the visibility from "Custom Policy" to "Public (No Login Required)".Nov 1 2018, 9:45 AM

It's in production.

Ladsgroup closed this task as Resolved.Nov 1 2018, 8:00 PM