colander@1.0a3 vulnerabilities
A simple schema-based serialization and deserialization library
-
latest version
2.0
-
latest non vulnerable version
-
first published
14 years ago
-
latest version published
a year ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the colander package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
colander is an An extensible package which can be used to: Deserialize and validate a data structure composed of strings, mappings, and lists. Serialize an arbitrary data structure to a data structure composed of strings, mappings, and lists. Affected versions of this package are vulnerable to Denial of Service (DoS). The URL validator allows an attacker to potentially cause an infinite loop thereby causing a Denial of Service via an unclosed parenthesis. PoC by Przemek:
How to fix Denial of Service (DoS)? Upgrade |
[,1.7.0)
|