CVE-2019-9710

The CVE-2019-9710 entry refers to webargs before 5.1.3 (used with marshmallow and other products). The vulnerability is a non-thread-safe, short-lived cache used for parsing the JSON body, which could cause incorrect JSON payloads to be parsed under concurrent requests. Affected component: webarg...

CVE-2020-7965

The CVE-2020-7965 entry concerns the Python Webargs project (flaskparser.py) in the 5.x line up to 5.5.2. Vulnerability detail: the code does not validate that the Content-Type header is application/json when handling JSON input; if the request body is valid JSON, it is accepted even when Content...