VYPR

rpm package

suse/python-marshmallow&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP6

pkg:rpm/suse/python-marshmallow&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6

Vulnerabilities (3)

  • CVE-2025-68480MedDec 22, 2025
    affected < 3.20.2-150400.9.10.1fixed 3.20.2-150400.9.10.1

    Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request

  • CVE-2023-28859Mar 26, 2023
    affected < 3.20.2-150400.9.7.1fixed 3.20.2-150400.9.7.1

    redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutio

  • CVE-2023-28858Mar 26, 2023
    affected < 3.20.2-150400.9.7.1fixed 3.20.2-150400.9.7.1

    redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT