-
Notifications
You must be signed in to change notification settings - Fork 105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Med] Snyk: Race Condition (due 5/20/19) #3642
Comments
Race ConditionVulnerable module: webargs
Detailed paths
Overview
Affected versions of this package are vulnerable to Race Condition. Json parsing uses a short-lived cache to store the parsed Json body. This cache is not thread-safe, meaning that incorrect Json payloads could have been parsed for concurrent requests. RemediationUpgrade |
added |
Require [edit: correct versions] |
|
2.x@parser.error_handler
def handle_error(error):
raise CustomError(error.messages) 3.x@parser.error_handler
def handle_error(error, req):
raise CustomError(error.messages) |
5.0.0Backwards-incompatible: webargs.ValidationError is removed. Use marshmallow.ValidationError instead. |
updated |
Vulnerable module: webargs
Introduced through: webargs@0.18.0 and flask-apispec@0.7.0
Detailed paths:
Introduced through: project@0.0.0 › webargs@0.18.0
Introduced through: project@0.0.0 › flask-apispec@0.7.0 › webargs@0.18.0
Remediation:
Upgrade webargs to version 5.1.3 or higher.
The text was updated successfully, but these errors were encountered: