Homepage

marshmallow@3.0.0b5 vulnerabilities

A lightweight library for converting complex datatypes to and from native Python datatypes.

  • latest version

    4.0.0

  • latest non vulnerable version

    4.0.0

  • first published

    11 years ago

  • latest version published

    20 days ago

  • licenses detected

  • View marshmallow package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the marshmallow package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Information Exposure

    marshmallow is an ORM/ODM/framework-agnostic library for converting complex datatypes, such as objects, to and from native Python datatypes.

    Affected versions of this package are vulnerable to Information Exposure. The schema only option treats an empty list as implying no only option, which allows a request that was intended to expose no fields to instead expose all fields.

    How to fix Information Exposure?

    Upgrade marshmallow to version 2.15.1, 3.0.0b9

    [,2.15.1)[3.0.0a1,3.0.0b9)
    Go back to all versions of this package