259 matches found
CVE-2024-0243
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
PYSEC-2024-235
With the following crawler configuration:pythonfrom bs4 import BeautifulSoup as Soupurl = "https://example.com"loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".textdocs = loader.loadAn attacker in control of the contents of https://example.com could place ...
PYSEC-2024-235
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
Design/Logic Flaw
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
LangChain Code Issues Vulnerabilities
LangChain is building applications using LLM through composability. LangChain is vulnerable to a code issue. An attacker could use this vulnerability to place a malicious HTML file with a link such as "https://example.completely.different/myfile.html" in it, allowing the crawler to continue...
CVE-2024-0243
LangChain’s CVE-2024-0243 describes an SSRF in the RecursiveUrlLoader used by LangChain, where an attacker controlling the content at a base URL (e.g., https://example.com) can inject links that cause the crawler to fetch external URLs despite prevent_outside being set. The issue is fixed in the ...
spider-flow security vulnerability
spider-flow is an open source crawler platform by sssssssss-team. A security vulnerability exists in spider-flow version 0.4.3. An attacker exploited the vulnerability to cause code injection...
Pantheon - Insecure Camera Parser
Pantheon is a GUI application that allows users to display information regarding network cameras in various countries as well as an integrated live-feed for non-protected cameras. Functionalities Pantheon allows users to execute an API crawler. There was original functionality without the use of...
com.digitalpebble.stormcrawler:storm-crawler-solr (=2.11), com.github.paulcwarren:content-solr-spring-boot-starter (=3.0.7) +108 more potentially affected by CVE-2023-44981 via org.apache.zookeeper:zookeeper (=3.9.0)
org.apache.zookeeper:zookeeper MAVEN version =3.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.zookeeper:zookeeper and may be impacted: - com.digitalpebble.stormcrawler:storm-crawler-solr =2.11 -...
buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +18 more potentially affected by CVE-2023-27586 via cairosvg (>=0.5.0 <=2.6.0)
cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =1.0.0b1, =0.0.2, =0.1.0, =0.1.0, =2.11.0, =4.3.0, =0.0.1, =9.0.5, =1.0.0, =0.1.0, =0.2.7 and more Source cves: CVE-2023-27586 Source advisory: OSV:GHSA-RWMF-W63J-P7GV...
Hour of Code 安全漏洞
Hour of Code is an application for ming individual developers. It uses Python to create a web crawler. A security vulnerability exists in Hour of Code, which stems from a code execution backdoor via request packets that can be exploited by an attacker to access sensitive user information and...
Z-BlogPHP 代码问题漏洞
Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. A security vulnerability exists in Z-BlogPHP 1.7.2 and earlier versions, which stems from a server-side request forgery SSRF vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file that allows a remote...
Fedora: Security Advisory for golang-github-gocolly-colly-2 (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: golang-github-gocolly-colly-2-2.1.0-5.20210920git2f09941.fc36
Elegant Scraper and Crawler Framework for Golang...
[SECURITY] Fedora 35 Update: golang-github-gocolly-colly-2-2.1.0-4.20210920git2f09941.fc35
Elegant Scraper and Crawler Framework for Golang...
com.accelerate-experience:storm-metrics-statsd (>=1.0.0 <=1.0.1), com.accelerate-experience:storm-rabbitmq (=1.0.0) +91 more potentially affected by CVE-2019-0202 via org.apache.storm:storm-core (>=0.9.3 <=1.2.2)
org.apache.storm:storm-core MAVEN version =0.9.3, =1.0.0, =0.1.0, =1.0, =1.0, =1.0, =1.3, =1.0, =1.0, =1.0, =1.0.0, =0.3.4, =0.4.1 - com.github.ptgoetz:flux =0.1.0 and more Source cves: CVE-2019-0202 Source advisory: OSV:GHSA-R9PV-HG64-JQRP...
Xepor - Web Routing Framework For Reverse Engineers And Security Researchers, Brings The Best Of Mitmproxy And Flask
Xepor pronounced /ˈzɛfə/ , zephyr, a web routing framework for reverse engineers and security researchers. It provides a Flask-like API for hackers to intercept and modify HTTP request and/or HTTP response in a human-friendly coding style. This project is meant to be used with mitmproxy. User wri...
Discourse 安全漏洞
Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. Discourse suffers from a security vulnerability. An attacker exploited the vulnerability to read the cache of an anonymous i.e., not logged in user, thereby...
PT-2022-16903 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions Description: The issue affects Discourse, an open source platform for community discussion. An attacker can poison the cache for anonymous users, causing them to se...
Scrapy Information Disclosure Vulnerability (CNVD-2022-17012)
Scrapy is a free and open-source web crawler framework written in Python.An information disclosure vulnerability exists in versions of Scrapy prior to 2.6.1, which stems from the product's failure to effectively protect sensitive information. An attacker could use this vulnerability to obtain...