GHSA-9X8M-2XPF-CRP3 Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to another
Impact When the built-in HTTP proxy downloader middleware processes a request with proxy metadata, and that proxy metadata includes proxy credentials, the built-in HTTP proxy downloader middleware sets the Proxy-Authentication header, but only if that header is not already set. There are...