Vulnerability	Vulnerable Version
H Cross-Site Request Forgery (CSRF) webargs is a python library for parsing and validating HTTP request objects, with built-in support for popular web frameworks, including Flask, Django, Bottle, Tornado, Pyramid, webapp2, Falcon, and aiohttp. Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF). `Flaskparser.py` does not check that the `Content-Type` header is `application/json` when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is `application/x-www-form-urlencoded`. This allows for JSON POST requests to be made across domains, leading to CSRF. How to fix Cross-Site Request Forgery (CSRF)? Upgrade `webargs` to version 6.0.0b4, 5.5.3 or higher.	[6.0.0b1,6.0.0b4)[,5.5.3)
M Race Condition webargs is a python library for parsing and validating HTTP request objects, with built-in support for popular web frameworks, including Flask, Django, Bottle, Tornado, Pyramid, webapp2, Falcon, and aiohttp. Affected versions of this package are vulnerable to Race Condition. Json parsing uses a short-lived cache to store the parsed Json body. This cache is not thread-safe, meaning that incorrect Json payloads could have been parsed for concurrent requests. How to fix Race Condition? Upgrade `webargs` to version 5.1.3 or higher.	[,5.1.3)

Cross-Site Request Forgery (CSRF)

webargs is a python library for parsing and validating HTTP request objects, with built-in support for popular web frameworks, including Flask, Django, Bottle, Tornado, Pyramid, webapp2, Falcon, and aiohttp.

Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF). Flaskparser.py does not check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made across domains, leading to CSRF.

How to fix Cross-Site Request Forgery (CSRF)?

Upgrade webargs to version 6.0.0b4, 5.5.3 or higher.

[6.0.0b1,6.0.0b4)[,5.5.3)

Race Condition

Affected versions of this package are vulnerable to Race Condition. Json parsing uses a short-lived cache to store the parsed Json body. This cache is not thread-safe, meaning that incorrect Json payloads could have been parsed for concurrent requests.

How to fix Race Condition?

Upgrade webargs to version 5.1.3 or higher.

[,5.1.3)

Go back to all versions of this package