Affecting marshmallow package, versions [,2.15.1), [3.0.0,3.0.0b9)
marshmallow is an ORM/ODM/framework-agnostic library for converting complex datatypes, such as objects, to and from native Python datatypes.
Affected versions of this package are vulnerable to Information Exposure. The schema `only` option treats an empty list as implying no `only` option, which allows a request that was intended to expose no fields to instead expose all fields.
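The following is an added example, not marshmallow's own source, that models the bug class the advisory describes: a truthiness check (`if not only:`) conflates `None` ("no restriction") with `[]` ("expose nothing"), so a request that asks for zero fields receives every field. It pairs the faulty semantics with the intended ones and adds a defensive parser for a constructed `fields=` query parameter, which is a typical place an empty list originates. All names (`select_fields_vulnerable`, `select_fields_fixed`, `parse_fields_param`, `SAMPLE_USER`) and the sample record are assumptions constructed for this illustration.

```python
"""Constructed model of the `only` handling described in the advisory.

Example code added for illustration; it is not marshmallow's implementation.
"""
from typing import Iterable, Optional

# Constructed sample record standing in for an object a schema would dump.
SAMPLE_USER = {
    "id": 42,
    "username": "alice",
    "email": "alice@example.invalid",
    "password_hash": "<constructed-placeholder-hash>",
}


def select_fields_vulnerable(record: dict, only: Optional[Iterable[str]]) -> dict:
    """Faulty semantics: `not only` is True for both None and [], so an empty
    list falls through to "expose everything"."""
    if not only:
        return dict(record)
    allowed = set(only)
    return {k: v for k, v in record.items() if k in allowed}


def select_fields_fixed(record: dict, only: Optional[Iterable[str]]) -> dict:
    """Intended semantics: only None means "no restriction"; an empty list is
    honoured literally and yields no fields."""
    if only is None:
        return dict(record)
    allowed = set(only)
    return {k: v for k, v in record.items() if k in allowed}


def parse_fields_param(value: Optional[str], declared: Iterable[str]) -> Optional[list]:
    """Turn a hypothetical `?fields=a,b` query parameter into an `only` list.

    Returns None when the parameter is absent (use the schema's default set),
    [] when it is present but empty (expose nothing), and otherwise a list of
    names that were validated against the declared field set. Unknown names
    raise instead of being silently dropped, so a typo never widens exposure.
    """
    if value is None:
        return None
    allowed = set(declared)
    names = [n.strip() for n in value.split(",") if n.strip()]
    unknown = sorted(set(names) - allowed)
    if unknown:
        raise ValueError("unknown field(s) requested: " + ", ".join(unknown))
    return names


def dump_for_request(record: dict, fields_param: Optional[str]) -> dict:
    """End-to-end: request parameter -> validated `only` -> fixed selection."""
    only = parse_fields_param(fields_param, record.keys())
    return select_fields_fixed(record, only)


if __name__ == "__main__":
    # A request that names zero fields: the faulty path leaks everything,
    # the fixed path returns an empty mapping.
    print("vulnerable, only=[]:", select_fields_vulnerable(SAMPLE_USER, []))
    print("fixed, only=[]     :", select_fields_fixed(SAMPLE_USER, []))
    print("fixed, fields=     :", dump_for_request(SAMPLE_USER, ""))
    print("fixed, fields=id   :", dump_for_request(SAMPLE_USER, "id,username"))
```

The detection-side takeaway is the `is None` test: any code that derives `only` from caller input and then checks it with bare truthiness has the same failure mode, whether or not it uses marshmallow.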
Upgrade marshmallow to version 2.15.1 or 3.0.0b9 or later.