Описание
Marshmallow has DoS in Schema.load(many)
Impact
Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time.
Patches
4.1.2, 3.26.2
Workarounds
Пакеты
marshmallow
>= 3.0.0rc1, < 3.26.2
3.26.2
marshmallow
>= 4.0.0, < 4.1.2
4.1.2
Связанные уязвимости
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. This issue has been patched in version 3.26.2 and 4.1.2.
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. This issue has been patched in version 3.26.2 and 4.1.2.
Marshmallow is a lightweight library for converting complex objects to ...