rpm package
opensuse/python-marshmallow&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/python-marshmallow&distro=openSUSE%20Leap%2015.6
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68480 | Med | 5.3 | < 3.20.2-150400.9.10.1 | 3.20.2-150400.9.10.1 | Dec 22, 2025 | Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request | |
| CVE-2023-28859 | — | < 3.20.2-150400.9.7.1 | 3.20.2-150400.9.7.1 | Mar 26, 2023 | redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutio | ||
| CVE-2023-28858 | — | < 3.20.2-150400.9.7.1 | 3.20.2-150400.9.7.1 | Mar 26, 2023 | redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT |
- affected < 3.20.2-150400.9.10.1fixed 3.20.2-150400.9.10.1
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request
- CVE-2023-28859Mar 26, 2023affected < 3.20.2-150400.9.7.1fixed 3.20.2-150400.9.7.1
redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutio
- CVE-2023-28858Mar 26, 2023affected < 3.20.2-150400.9.7.1fixed 3.20.2-150400.9.7.1
redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT