26 matches found
EUVD-2019-0159
Malware in sbrugna...
EUVD-2020-0240
Malware in sbrugna...
aiowrpr (>=0.0.1a1 <=0.0.1a7), infiniguard-api (>=1.2.10 <=1.2.11) +5 more potentially affected by CVE-2020-7965 via webargs (>=5.1.1 <=5.5.2)
webargs PYPI version =5.1.1, =0.0.1a1, =1.2.10, =1.1.0b1, =0.3.0, =1.1.0, =0.100.3, =0.1.0, =0.10.0 Source cves: CVE-2020-7965 Source advisory: OSV:GHSA-FJQ3-5PXW-4WJ4...
Cross-Site Request Forgery in Webargs
flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made...
GHSA-FJQ3-5PXW-4WJ4 Cross-Site Request Forgery in Webargs
flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made...
Cross-Site Request Forgery (CSRF)
webargs is vulnerable to cross-site request forgery (CSRF). The Content-Type header resolves to application/json when JSON input is received. If the request body is valid JSON, the application accepts it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST reques...
CVE-2020-7965
flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made...
aiowrpr (>=0.0.1a1 <=0.0.1a7), infiniguard-api (>=1.2.10 <=1.2.11) +5 more potentially affected by CVE-2020-7965 via webargs (>=5.1.1 <=5.5.2)
webargs PYPI version =5.1.1, =0.0.1a1, =1.2.10, =1.1.0b1, =0.3.0, =1.1.0, =0.100.3, =0.1.0, =0.10.0 Source cves: CVE-2020-7965 Source advisory: OSV:PYSEC-2020-156...
PYSEC-2020-156
flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made...
CVE-2020-7965
The CVE-2020-7965 entry concerns the Python Webargs project (flaskparser.py) in the 5.x line up to 5.5.2. Vulnerability detail: the code does not validate that the Content-Type header is application/json when handling JSON input; if the request body is valid JSON, it is accepted even when Content...
aiohttp-apispec (>=0.7.2 <=0.7.6), pygrest (>=1.0.1 <=1.3.0) +1 more potentially affected by CVE-2019-9710 via webargs (>=1.8.1 <=5.1.2)
webargs PYPI version =1.8.1, =0.7.2, =1.0.1, =0.4.0, =0.100.2rc4 Source cves: CVE-2019-9710 Source advisory: OSV:GHSA-8554-JXCW-454Q...
Webargs mishandles concurrent JSON parsing
An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...
GHSA-8554-JXCW-454Q Webargs mishandles concurrent JSON parsing
An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...
Insecure Caching
webargs uses insecure caching. The parsed JSON body is stored in a short-lived cache that is not thread-safe, which could cause incorrect JSON payloads to be parsed for concurrent requests...
Design/Logic Flaw
An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...
PYSEC-2019-139
An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...
PYSEC-2019-69
An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...