313 matches found
Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to another
Impact When the built-in HTTP proxy downloader middleware processes a request with proxy metadata, and that proxy metadata includes proxy credentials, the built-in HTTP proxy downloader middleware sets the Proxy-Authentication header, but only if that header is not already set. There are...
GHSA-9X8M-2XPF-CRP3 Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to another
Impact When the built-in HTTP proxy downloader middleware processes a request with proxy metadata, and that proxy metadata includes proxy credentials, the built-in HTTP proxy downloader middleware sets the Proxy-Authentication header, but only if that header is not already set. There are...
py-Scrapy -- credentials leak vulnerability
When the built-in HTTP proxy downloader middleware processes a request with proxy metadata, and that proxy metadata includes proxy credentials, the built-in HTTP proxy downloader middleware sets the Proxy-Authentication header, but only if that header is not already set. There are third-party...
Scrapy denial of service vulnerability
Scrapy 1.4 allows remote attackers to cause a denial of service memory consumption via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by...
article-extract (>=0.1.2 <=0.1.3), athlinks-races (>=0.0.4 <=0.0.7) +56 more potentially affected by CVE-2017-14158 via scrapy (>=1.3.3 <=2.15.2)
scrapy PYPI version =1.3.3, =0.1.2, =0.0.4, =3.4.0, =2.8.3, =0.0.1.dev1, =1.3.0, =1.2.1.20160901, =0.2.0, =0.0.5, =0.2.4, =0.0.2, =0.3.0a0, =0.0.20, =0.0.34 and more Source cves: CVE-2017-14158 Source advisory: OSV:GHSA-H7WM-PH43-C39P...
GHSA-H7WM-PH43-C39P Scrapy denial of service vulnerability
Scrapy 1.4 allows remote attackers to cause a denial of service memory consumption via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by...
[SECURITY] [DLA 2950-1] python-scrapy security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2950-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 16, 2022 https://wiki.debian.org/LTS -...
DLA-2950-1 python-scrapy - security update
Bulletin has no description...
Debian: Security Advisory (DLA-2950-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2950-1 : python-scrapy - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2950 advisory. It was found that Scrapy, a framework for extracting data from websites, could send HTTP Authorization as well as cookies to other domains in case of redirections,...
Gerapy has unspecified vulnerabilities
Gerapy is a distributed crawler management framework based on Scrapy, Scrapyd, Django and Vue.js. A security vulnerability exists in Gerapy v 0.9.7, which stems from an access control vulnerability that can be caused by the spider parameter in the projectconfigure function. No details of the...
Scrapy Information Disclosure Vulnerability (CNVD-2022-17012)
Scrapy is a free and open-source web crawler framework written in Python.An information disclosure vulnerability exists in versions of Scrapy prior to 2.6.1, which stems from the product's failure to effectively protect sensitive information. An attacker could use this vulnerability to obtain...
Insecure Cookies
scrapy is using insecure cookies. The vulnerability exists in cookie.py because the cookie-setting is not restricted based on the public suffix list which allows an attacker to inject cookies from a controlled domain...
Information Disclosure
Scrapy is vulnerable to information disclosure. The library does not properly check cookie headers before being redirected to the location URL, allowing an attacker to gain sensitive information or hijack users accounts by redirecting to malicious URLs...
CVE-2022-0577
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1...
CVE-2022-0577
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1...
DEBIAN-CVE-2022-0577
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1...
2adif (=0.1.0), addgene-mcp (>=0.1.0 <=0.1.3) +568 more potentially affected by CVE-2022-0577 via scrapy (>=1.3.3 <=2.6.0)
scrapy PYPI version =1.3.3, =0.1.0, =0.10.0, =0.0.1, =0.4.0, =0.1.4, =1.0.0, =0.0.1, =1.0.0, =0.0.24, =2.9.3, =0.2.3, =0.3.7 and more Source cves: CVE-2022-0577 Source advisory: OSV:PYSEC-2022-159...
CVE-2022-0577
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1...
UBUNTU-CVE-2022-0577
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1...