CVE-2025-68480 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0…
Medium CVSS: 5.3

CVE-2025-68480

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. This issue has been patched in version 3.26.2 and 4.1.2.
Vendor
-
Product
-
CWE
CWE-405
Yayın Tarihi
2025-12-22 22:16:09
Güncelleme
2025-12-23 14:51:52
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-405 MEDIUM 2025

Referanslar

https://github.com/marshmallow-code/marshmallow/commit/d24a0c9df061c4daa92f71cf85aca25b83eee508 https://github.com/marshmallow-code/marshmallow/security/advisories/GHSA-428g-f7cq-pgp5