marshmallow@3.0.0b2 vulnerabilities

A lightweight library for converting complex datatypes to and from native Python datatypes.

Direct Vulnerabilities

Known vulnerabilities in the marshmallow package. This does not include vulnerabilities belonging to this package’s dependencies.

Information Exposure (severity: M, medium)

marshmallow is an ORM/ODM/framework-agnostic library for converting complex datatypes, such as objects, to and from native Python datatypes.

Affected versions of this package are vulnerable to Information Exposure. The schema's only option treats an empty list as equivalent to no only option at all, so a request that was intended to expose no fields instead exposes every field.
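A minimal stand-in for the affected check, added here as an illustration and not marshmallow's own code: it models a schema dump that filters by an only list, using a truthiness test (the flawed pattern described above) beside an explicit None test (the corrected pattern). The record and its field names are constructed for the example.

```python
# Added example (not marshmallow's code): a simplified model of how an
# ``only`` option can turn an empty list into "no restriction".

RECORD = {  # constructed sample object; field names are hypothetical
    "id": 7,
    "email": "alice@example.invalid",
    "password_hash": "$argon2id$placeholder",
}


def dump_vulnerable(obj, only=None):
    """Keep only the listed fields, deciding whether ``only`` was given
    by truthiness. An empty list is falsy, so ``only=[]`` is treated
    as "no restriction" and every field is returned."""
    if only:
        return {k: v for k, v in obj.items() if k in only}
    return dict(obj)


def dump_fixed(obj, only=None):
    """Same filter, but distinguishes "not given" (None) from "given but
    empty" ([]): an empty ``only`` now exposes nothing."""
    if only is not None:
        return {k: v for k, v in obj.items() if k in only}
    return dict(obj)


def exposed_fields(dump, obj, only):
    """Sorted names of the fields a dump function exposes for ``only``."""
    return sorted(dump(obj, only=only))


if __name__ == "__main__":
    print("vulnerable, only=[]   ->", exposed_fields(dump_vulnerable, RECORD, []))
    print("fixed,      only=[]   ->", exposed_fields(dump_fixed, RECORD, []))
    print("fixed,      only=None ->", exposed_fields(dump_fixed, RECORD, None))
```

The same `if only:` versus `if only is not None:` distinction is what to look for when reviewing any field-whitelisting code that accepts a caller-supplied list.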

How to fix Information Exposure?

Upgrade marshmallow to version 2.15.1 (for the 2.x line) or 3.0.0b9 (for the 3.0.0 pre-release line) or later.

Vulnerable versions: [,2.15.1) and [3.0.0a1,3.0.0b9)