Skip to main content

Marshmallow

1 CVEs product

Monthly

CVE-2018-17175 PyPI MEDIUM PATCH This Month

In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Marshmallow
NVD GitHub
CVSS 3.0
5.3
EPSS
1.9%
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Marshmallow
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy