| Name | CVE-2025-68480 |
| Description | Marshmallow is a lightweight library for converting complex objects to ... |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 1123888 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| python-marshmallow (PTS) | bullseye | 3.10.0-1 | vulnerable |
| bookworm | 3.18.0-1 | vulnerable |
| trixie | 3.26.1-0.2 | vulnerable |
| forky, sid | 3.26.1-0.4 | vulnerable |
The information below is based on the following data on fixed versions.
Notes
[trixie] - python-marshmallow <no-dsa> (Minor issue)
[bookworm] - python-marshmallow <no-dsa> (Minor issue)
[bullseye] - python-marshmallow <postponed> (Minor issue)
https://github.com/marshmallow-code/marshmallow/security/advisories/GHSA-428g-f7cq-pgp5
https://github.com/marshmallow-code/marshmallow/commit/218d98a785d3bd25dad8880bb07e9cce70340f31 (4.1.2)
https://github.com/marshmallow-code/marshmallow/commit/70141f4180fb94ced3544cdefdaff89172dd3956 (4.1.2)
https://github.com/marshmallow-code/marshmallow/commit/36f87877d0e889e682386a0121eabe030cde57b1 (4.1.2)
https://github.com/marshmallow-code/marshmallow/commit/0356a3f1c307830f8ded56d823abca5611c594c9 (3.26.2)
https://github.com/marshmallow-code/marshmallow/commit/6d4a17dad54ea9711040c6aa6ba4d59267242a41 (3.26.2)
https://github.com/marshmallow-code/marshmallow/commit/489a8d421dc7955bb53b89e962d69465fbc5b6af (3.26.2)