Search for vulnerabilities
| Vulnerability ID | VCID-3pye-tp6f-rudx |
| Aliases |
PYSEC-2019-69
|
| Summary | An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 0.0 |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| There are no known severity scores. | ||
| Reference id | Reference type | URL |
|---|---|---|
| https://github.com/marshmallow-code/webargs/issues/371 | ||
| https://webargs.readthedocs.io/en/latest/changelog.html |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-05T16:55:17.593948+00:00 | PyPI Importer | Import | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 38.6.0 |