3 matches found
aiohttp-apispec (>=0.7.2 <=0.7.6), pygrest (>=1.0.1 <=1.3.0) +1 more potentially affected by CVE-2019-9710 via webargs (>=1.8.1 <=5.1.2)
webargs PYPI version =1.8.1, =0.7.2, =1.0.1, =0.4.0, =0.100.2rc4 Source cves: CVE-2019-9710 Source advisory: OSV:GHSA-8554-JXCW-454Q...
aiohttp-apispec (>=0.7.2 <=0.7.6), pygrest (>=1.0.1 <=1.3.0) +1 more potentially affected by CVE-2019-9710 via webargs (>=1.8.1 <=5.1.2)
webargs PYPI version =1.8.1, =0.7.2, =1.0.1, =0.4.0, =0.100.2rc4 Source cves: CVE-2019-9710 Source advisory: OSV:PYSEC-2019-139...
CVE-2019-9710
The CVE-2019-9710 entry refers to webargs before 5.1.3 (used with marshmallow and other products). The vulnerability is a non-thread-safe, short-lived cache used for parsing the JSON body, which could cause incorrect JSON payloads to be parsed under concurrent requests. Affected component: webarg...