Vulnerability Information
Vulnerability Title
Marshmallow has DoS in Schema.load(many)
Vulnerability Description
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 up to but not including 3.26.2, and from 4.0.0 up to but not including 4.1.2, Schema.load(data, many=True) is vulnerable to denial-of-service attacks: a moderately sized request can consume a disproportionate amount of CPU time. This issue has been patched in versions 3.26.2 and 4.1.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
Asymmetric Resource Consumption (Amplification Attack)
Vulnerability Title
marshmallow security vulnerability
Vulnerability Description
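marshmallow is an open-source data type conversion library from marshmallow-code. A security vulnerability exists in marshmallow versions before 3.26.2 and versions before 4.1.2; it stems from a denial-of-service issue in the Schema.load function.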
CVSS Information
N/A
Vulnerability Type
N/A