CNNVD-202512-3906 Information

CNNVD ID

CNNVD-202512-3906

CVE-2025-68480

  • CNNVD Published: 2025-12-22

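Description (translated from Chinese)

marshmallow is an open-source data type conversion library from marshmallow-code. marshmallow versions before 3.26.2 and versions before 4.1.2 contain a security vulnerability, which stems from a denial-of-service issue in the Schema.load function.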

Description (English)

marshmallow is an open-source data type conversion library from marshmallow-code. Versions of marshmallow before 3.26.2 and versions before 4.1.2 contain a security vulnerability that stems from a denial-of-service issue in the Schema.load function.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

marshmallow-code

Published

2025-12-22

Last Modified

2026-02-24

References

https://github.com/marshmallow-code/marshmallow/commit/d24a0c9df061c4daa92f71cf85aca25b83eee508

https://github.com/marshmallow-code/marshmallow/security/advisories/GHSA-428g-f7cq-pgp5

Patch

https://github.com/marshmallow-code/marshmallow/tags
