Vulnerabilities: 1 (via 1 path)

Dependencies: 8

Source: GitHub


medium severity

Asymmetric Resource Consumption (Amplification)

  • Vulnerable module: marshmallow
  • Introduced through: marshmallow-dataclass@8.6.1

Detailed paths

  • Introduced through: westy92/holiday-event-api-python@westy92/holiday-event-api-python marshmallow-dataclass@8.6.1 marshmallow@3.19.0
    Remediation: Upgrade to marshmallow-dataclass@8.6.1.

Overview

Affected versions of this package are vulnerable to Asymmetric Resource Consumption (Amplification) via the Schema.load method of the error storage utility, when handling input with the many parameter set to True. An attacker can cause excessive CPU consumption by submitting a moderately sized request.

Workaround

This vulnerability can be mitigated by validating the input type before processing, such as ensuring the data is a list and failing fast if it is not.

Remediation

Upgrade marshmallow to version 3.26.2, 4.1.2 or higher.

medium severity

MPL-2.0 license

  • Module: certifi
  • Introduced through: certifi@2026.6.17

Detailed paths

  • Introduced through: westy92/holiday-event-api-python@westy92/holiday-event-api-python certifi@2026.6.17