Asymmetric Resource Consumption (Amplification)
CVE-2025-68480
Summary
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 prior to 3.26.2, and in 4.x versions prior to 4.1.2, `Schema.load(data, many=True)` is vulnerable to Denial-of-Service (DoS): a moderately sized request can consume a disproportionate amount of CPU time. The issue is fixed in 3.26.2 and 4.1.2.
CVSS 3.x base metrics (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
- Attack Complexity: LOW
- Attack Vector: NETWORK
- Privileges Required: NONE
- Scope: UNCHANGED
- User Interaction: NONE
- Confidentiality: NONE
- Integrity: NONE
- Availability: LOW
CWE-405 - Asymmetric Resource Consumption (Amplification)
Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.
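The following is an added example, not code from the marshmallow project or from this advisory. It does two things a practitioner wants on seeing this entry: it checks a marshmallow version string against the affected ranges stated in the Summary (3.0.0rc1 up to but excluding 3.26.2, and 4.0.0 up to but excluding 4.1.2), and it wraps a `Schema.load(data, many=True)` call site with a cheap item-count cap so a single request cannot hand the vulnerable path an arbitrarily long list while the upgrade is pending. Assumptions: version strings use the `X.Y.Z` or `X.Y.ZrcN` forms marshmallow actually publishes (anything else is rejected rather than mis-ordered); `MAX_ITEMS`, `load_many_bounded` and `installed_marshmallow_affected` are names chosen here, not library API; the cap value is a deployment choice.

```python
"""Added example for CVE-2025-68480 (not marshmallow's own code).

Checks a version against the advisory's affected ranges and bounds the
input handed to Schema.load(many=True). Upgrading is the fix; the cap
only limits how much CPU one request can burn before the upgrade lands.
"""
import re
from importlib.metadata import PackageNotFoundError, version as pkg_version
from typing import Any, Optional

# Affected ranges from the advisory summary: >=3.0.0rc1,<3.26.2 and >=4.0.0,<4.1.2.
AFFECTED_RANGES = (("3.0.0rc1", "3.26.2"), ("4.0.0", "4.1.2"))

# Assumption: only the X.Y.Z and X.Y.ZrcN forms need to be compared.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?$")

# Deployment choice (assumed value): largest list a single request may submit.
MAX_ITEMS = 100


def version_key(version: str) -> tuple:
    """Sortable key for marshmallow's published version forms.

    A release candidate sorts before the final release of the same number,
    so 3.0.0rc1 < 3.0.0, matching PEP 440 for this subset.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    major, minor, patch, rc = m.groups()
    is_final = 1 if rc is None else 0
    return (int(major), int(minor), int(patch), is_final, int(rc or 0))


def is_affected(version: str) -> bool:
    """True if `version` lies inside an affected range; fixed versions return False."""
    key = version_key(version)
    return any(version_key(lo) <= key < version_key(hi) for lo, hi in AFFECTED_RANGES)


def installed_marshmallow_affected() -> Optional[bool]:
    """Check the running environment; None if marshmallow is not installed
    or its version string is not one of the supported forms."""
    try:
        return is_affected(pkg_version("marshmallow"))
    except (PackageNotFoundError, ValueError):
        return None


def load_many_bounded(schema: Any, data: Any, max_items: int = MAX_ITEMS) -> list:
    """Call schema.load(data, many=True) only after cheap structural checks.

    Rejecting non-list input and lists longer than `max_items` before any
    deserialization runs puts an upper bound on the work a single request
    can push into the affected Schema.load(many=True) path. `schema` is any
    object exposing marshmallow's load(data, many=True) signature.
    """
    if not isinstance(data, list):
        raise ValueError("expected a JSON array for many=True")
    if len(data) > max_items:
        raise ValueError(f"too many items: {len(data)} > {max_items}")
    return schema.load(data, many=True)


if __name__ == "__main__":
    for v in ("3.0.0rc1", "3.26.1", "3.26.2", "4.1.1", "4.1.2"):
        print(f"{v:>9}: {'affected' if is_affected(v) else 'fixed/unaffected'}")
    print("installed marshmallow affected:", installed_marshmallow_affected())
```

In a request handler this replaces a bare `UserSchema().load(request.get_json(), many=True)` with `load_many_bounded(UserSchema(), request.get_json(), max_items=100)`; the rejection happens before marshmallow sees the payload, so it costs O(1) regardless of how the vulnerable path scales. Treat the cap as defence in depth and still upgrade to 3.26.2 or 4.1.2.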