The Pallets Project Flask before version 0.12.3 contains a CWE-20: Improper Input Validation vulnerability that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable when an attacker provides JSON data in an incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083. (CVE-2018-1000656)
Impact
An attacker may use crafted JSON data to cause a denial-of-service (DoS) attack.
BIG-IQ Centralized Management
Only the control plane for the BIG-IQ Configuration utility uses the Python Flask module.
F5OS
Only the web server for the front panel LCD touchscreen uses Flask. The system uses the LCD web server only when you access the front panel touchscreen. No other component interacts with Flask.