CVE-2019-9710

{"id": "CVE-2019-9710", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2019-03-12T02:29:00.273", "references": [{"url": "https://github.com/marshmallow-code/webargs/issues/371", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://webargs.readthedocs.io/en/latest/changelog.html", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests."}, {"lang": "es", "value": "Se ha detectado un fallo en webargs, en versiones anteriores a la 5.1.3, tal y como se emplea con marshmellow y otros productos. El an\u00e1lisis sint\u00e1ctico de JSON utiliza una cach\u00e9 de corta duraci\u00f3n para almacenar el cuerpo JSCON analizado. Esta cach\u00e9 no tiene protecci\u00f3n contra hilos, por lo que cargas \u00fatiles de JSON incorrectas podr\u00edan haberse analizado sint\u00e1cticamente para peticiones concurrentes."}], "lastModified": "2019-03-12T13:09:58.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webargs_project:webargs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72B8ECB2-4CE7-4AE0-B351-90A0D1D9EC87", "versionEndExcluding": "5.1.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}