Vulnerabilities

1 via 1 paths

Dependencies

8

Source

GitHub

Commit

a71d3343

medium severity
new

Asymmetric Resource Consumption (Amplification)

  • Vulnerable module: marshmallow
  • Introduced through: marshmallow-dataclass@8.6.1

Detailed paths

  • Introduced through: westy92/holiday-event-api-python@westy92/holiday-event-api-python#a71d3343a0671005ef3d8fe2659e9409c3cb2772 marshmallow-dataclass@8.6.1 marshmallow@3.19.0
    Remediation: Upgrade to marshmallow-dataclass@8.6.1.

Overview

Affected versions of this package are vulnerable to Asymmetric Resource Consumption (Amplification) via the Schema.load method of the error storage utility, when handling input with the many parameter set to True. An attacker can cause excessive CPU consumption by submitting a moderately sized request.

Workaround

This vulnerability can be mitigated by validating the input type before processing, such as ensuring the data is a list and failing fast if it is not.

Remediation

Upgrade marshmallow to version 3.26.2, 4.1.2 or higher.

medium severity

MPL-2.0 license

  • Module: certifi
  • Introduced through: certifi@2026.1.4

Detailed paths

  • Introduced through: westy92/holiday-event-api-python@westy92/holiday-event-api-python#a71d3343a0671005ef3d8fe2659e9409c3cb2772 certifi@2026.1.4