
perfsonar-user - [perfsonar-user] python-flask vulnerability

Subject: perfSONAR User Q&A and Other Discussion

  • From: "Uhl, George D. (GSFC-423.0)[Arctic Slope Technical Services, Inc.]" <>
  • To: perfSONAR-Developer <>, perfsonar-user <>
  • Subject: [perfsonar-user] python-flask vulnerability
  • Date: Wed, 8 Jul 2020 15:00:59 +0000

All,

 

Our security team identified a version of python-flask with a known vulnerability that they want patched.  The perfsonar repo currently doesn’t provide the latest patched version.  Would it be possible to include the fixed version in the perfsonar repo?

 

Thanks,

George Uhl

 

 

Path : Package - python-flask-0.10.1-5.el7_7|1
Installed version : 0.10.1
Fixed version : 0.12.3

·  Discovery

  • First Discovered: 39 days ago
  • Last Observed: 4 days ago

·  Host Information

  • IP Address: x.x60.100 ( TCP )
  • DNS: perfsonar-nsg-uat.sgw.earthdata.nasa.gov
  • MAC Address: xxxxxxx
  • NetBIOS: UNKNOWN\perfsonar-nsg-prod.sgw.earthdata.nasa.gov
  • Repository: Individual Scan

·  Risk Information

  • Risk Factor: Medium
  • Vulnerability Priority Rating: 3.6
  • CVSS v2 Base Score: 5.0
  • CVSS v2 Temporal Score: 3.7
  • CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C
  • CVSS v3 Base Score: 7.5
  • CVSS v3 Temporal Score: 6.5
  • CVSS v3 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

·  Exploit Information

  • Patch Published: Apr 26, 2018
  • Exploit Available: No
  • Exploitability Ease: No known exploits are available

 

 

From: <> on behalf of Sowmya Balasubramanian <>
Reply-To: Sowmya Balasubramanian <>
Date: Monday, July 6, 2020 at 4:53 PM
To: perfSONAR-Developer <>, perfsonar-user <>
Subject: [EXTERNAL] [perfsonar-user] Lookup Service Round 3 testing - Jul 8-9

 

Hi All,

 

The perfSONAR Team will be testing the Lookup Service on July 8-9 (Wed-Thu). As done previously, a new instance containing the next release (that replaces backend with Elasticsearch) will be brought online.

 

*No changes* are required to the Toolkits/clients. 

 

We do not expect the service to be impacted. But, you may notice a dip in the number of hosts/interface records (for an hour or two), while the toolkits are switching to the new instance. 

 

After the testing is completed, the Lookup Service instance will be reverted back to the current production instance. 

 

An email will be sent right before the testing starts and when the testing has been completed.

 

Thank you for your cooperation.

 

Regards,

perfSONAR Team



