25 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-68480
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0...
CVE-2025-68480
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...
DEBIAN-CVE-2025-68480
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...
CVE-2025-68480
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...
UBUNTU-CVE-2025-68480
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...
CVE-2025-68480 Marshmallow has DoS in Schema.load(many)
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...
CVE-2025-68480
CVE-2025-68480 affects Marshmallow. In Marshmallow versions 3.0.0rc1–3.26.1 and 4.0.0–4.1.1, Schema.load(data, many=True) is vulnerable to denial of service via crafted requests that can consume excessive CPU time. The issue is mitigated by upgrading to Marshmallow 3.26.2 or 4.1.2 or later, which...
CVE-2025-68480
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...
PT-2025-52725
Name of the Vulnerable Software and Affected Versions Marshmallow versions 3.0.0rc1 through 3.26.1 Marshmallow versions 4.0.0 through 4.1.1 Description Marshmallow, a library for converting complex objects to and from simple Python datatypes, contains a flaw in the Schema.loaddata, many=True...
marshmallow 安全漏洞
marshmallow is a data type conversion library in the marshmallow-code open source. A security vulnerability exists in marshmallow versions prior to 3.26.2 and prior to 4.1.2, which stems from a denial of service issue in the Schema.load function...
EUVD-2018-0090
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-17175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema only option treats an empty list as implying no only option, which allows...
SUSE CVE-2018-17175
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...
GHSA-9Q2P-FJ49-VPXJ In marshmallow library the schema "only" option treats an empty list as implying no "only" option
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...
In marshmallow library the schema "only" option treats an empty list as implying no "only" option
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...
CVE-2018-17175
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...
marshmallow library for Python Information Disclosure Vulnerability
Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. marshmallow library is one of the lightweight libraries for converting complex objects into Python data...
DEBIAN-CVE-2018-17175
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...
Design/Logic Flaw
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...
CVE-2018-17175
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...