CVE-2018-1000656

Advisory

Lithops 1.0.1 fixes a flask security issue. See: CVE-2018-1000656.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

Added
- Example of the Docker image that is based on Anaconda
- Enabled support for multiple call_assync() calls in the same pw instance
- Added 'OutOfMemory' Exception
- Jupyter notebook example
- configurable cleaner for temporary data

Changed
- Changed and improved logging in order to log correctly within IBM Cloud Functions
- Changed Python interpreter of the data_cleaner method
- Moved some info prints to debug
- improved remote function invocation mechanism

Fixes
- Fixing flask security issues CVE-2018-1000656
- Fixed minor issue when futures is not a list
- Fixed default config exception. API KEY is not mandatory.
- Fixes in logging
- Some other fixes

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000656
• https://github.com/pallets/flask/releases/tag/0.12.3
• https://github.com/pallets/flask/pull/2691
• https://security.netapp.com/advisory/ntap-20190221-0001/
• https://lists.debian.org/debian-lts-announce/2019/08/msg00025.html
• https://usn.ubuntu.com/4378-1/