Asymmetric Resource Consumption (Amplification) in marshmallow

Summary

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 prior to 3.26.2 and 4.x prior to 4.1.2, "Schema.load(data, many=True)" is vulnerable to Denial-of-Service (DoS) attacks. A moderately sized request can consume a disproportionate amount of CPU time.