5 matches found
CVE-2020-7965
flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made...
CVE-2020-7965
flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made...
aiowrpr (>=0.0.1a1 <=0.0.1a7), infiniguard-api (>=1.2.10 <=1.2.11) +5 more potentially affected by CVE-2020-7965 via webargs (>=5.1.1 <=5.5.2)
webargs PYPI version =5.1.1, =0.0.1a1, =1.2.10, =1.1.0b1, =0.3.0, =1.1.0, =0.100.3, =0.1.0, =0.10.0 Source cves: CVE-2020-7965 Source advisory: OSV:PYSEC-2020-156...
CVE-2020-7965
flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made...
CVE-2020-7965
The CVE-2020-7965 entry concerns the Python Webargs project (flaskparser.py) in the 5.x line up to 5.5.2. Vulnerability detail: the code does not validate that the Content-Type header is application/json when handling JSON input; if the request body is valid JSON, it is accepted even when Content...