CVE-2019-9710
HIGHwebargs < 5.1.3 - Race Condition in JSON Body Parsing Cache
Title source: llmDescription
An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests.
References (2)
Core 2
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://webargs.readthedocs.io/en/latest/changelog.html
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/marshmallow-code/webargs/issues/371
Scores
CVSS v3
8.1
EPSS
0.0112
EPSS Percentile
61.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-362
Status
published
Products (2)
pypi/webargs
0 - 5.1.3PyPI
webargs_project/webargs
< 5.1.3
Published
Mar 12, 2019
Tracked Since
Feb 18, 2026