rpm package
opensuse/python-marshmallow&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-marshmallow&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68480 | Med | 5.3 | < 3.26.2-1.1 | 3.26.2-1.1 | Dec 22, 2025 | Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request | |
| CVE-2018-17175 | Med | 5.3 | < 3.20.2-2.2 | 3.20.2-2.2 | Sep 18, 2018 | In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynam |
- affected < 3.26.2-1.1fixed 3.26.2-1.1
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request
- affected < 3.20.2-2.2fixed 3.20.2-2.2
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynam