Oval Definition:	oval:org.opensuse.security:def:201817175
Revision Date: 2022-06-30 Version: 1 Title: CVE-2018-17175 Description: In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the "only" option, and there is a user role that produces an empty value for "only"). Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2018-17175 SUSE CVE-2018-17175 Platform(s): openSUSE Tumbleweed Product(s): Definition Synopsis openSUSE Tumbleweed is installed AND Package Information python-marshmallow-docs-3.11.1-1.3 is installed OR python36-marshmallow-3.11.1-1.3 is installed OR python38-marshmallow-3.11.1-1.3 is installed OR python39-marshmallow-3.11.1-1.3 is installed
BACK