webargs
PyPI
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting webargs
- CVE-2019-9710 · HIGH · CVSS 8.1 · EG 8.1 · ✓ Fixed in 5.1.3 · 2019-03-12
vulnerable: 0.1.0 ... 5.1.2 (70 versions)
An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could ha…
- CVE-2020-7965 · HIGH · CVSS 8.8 · EG 8.8 · ✓ Fixed in 5.5.3 · 2020-01-29
vulnerable: 5.0.0 ... 5.5.2 (14 versions)
flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-u…