Skip to main content

Webargs

2 CVEs product

Monthly

CVE-2020-7965 PyPI HIGH PATCH This Week

flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Webargs
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-9710 PyPI HIGH POC PATCH This Week

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Webargs
NVD GitHub
CVSS 3.0
8.1
EPSS
1.1%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Webargs
NVD
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Webargs
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy