PYSEC-2017-7

2017-03-2304:59:00

Google

osv.dev

0.003 Low

EPSS

Percentile

70.6%

JSON

An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0.

CPENameOperatorVersion
cfscrapeeq1.6.6
cfscrapeeq1.7.1
cfscrapeeq1.6.8
cfscrapeeq1.6.7
cfscrapeeq1.7.0

Name	Operator	Version
cfscrape	eq	1.6.6
cfscrape	eq	1.7.1
cfscrape	eq	1.6.8
cfscrape	eq	1.6.7
cfscrape	eq	1.7.0

References

www.securityfocus.com/bid/97191

github.com/advisories/GHSA-5mc5-5j6c-qmf9

github.com/Anorov/cloudflare-scrape/issues/97

github.com/Anorov/cloudflare-scrape/releases/tag/1.8.0

0.003 Low

EPSS

Percentile

70.6%

JSON

Related for OSV:PYSEC-2017-7