Lucene search
+L

313 matches found

Github Security Blog
Github Security Blog
added 2022/07/29 10:26 p.m.28 views

Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to another

Impact When the built-in HTTP proxy downloader middleware processes a request with proxy metadata, and that proxy metadata includes proxy credentials, the built-in HTTP proxy downloader middleware sets the Proxy-Authentication header, but only if that header is not already set. There are...

7.1AI score
Exploits0References3Affected Software1
OSV
OSV
added 2022/07/29 10:26 p.m.4 views

GHSA-9X8M-2XPF-CRP3 Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to another

Impact When the built-in HTTP proxy downloader middleware processes a request with proxy metadata, and that proxy metadata includes proxy credentials, the built-in HTTP proxy downloader middleware sets the Proxy-Authentication header, but only if that header is not already set. There are...

5.9AI score
Exploits0References3
FreeBSD
FreeBSD
added 2022/07/29 12:0 a.m.9 views

py-Scrapy -- credentials leak vulnerability

When the built-in HTTP proxy downloader middleware processes a request with proxy metadata, and that proxy metadata includes proxy credentials, the built-in HTTP proxy downloader middleware sets the Proxy-Authentication header, but only if that header is not already set. There are third-party...

6.9AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/17 1:16 a.m.34 views

Scrapy denial of service vulnerability

Scrapy 1.4 allows remote attackers to cause a denial of service memory consumption via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by...

7.8CVSS5AI score0.01907EPSS
Exploits1References6Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/17 1:16 a.m.5 views

article-extract (>=0.1.2 <=0.1.3), athlinks-races (>=0.0.4 <=0.0.7) +56 more potentially affected by CVE-2017-14158 via scrapy (>=1.3.3 <=2.15.2)

scrapy PYPI version =1.3.3, =0.1.2, =0.0.4, =3.4.0, =2.8.3, =0.0.1.dev1, =1.3.0, =1.2.1.20160901, =0.2.0, =0.0.5, =0.2.4, =0.0.2, =0.3.0a0, =0.0.20, =0.0.34 and more Source cves: CVE-2017-14158 Source advisory: OSV:GHSA-H7WM-PH43-C39P...

7.8CVSS7.1AI score0.01907EPSS
Exploits1
OSV
OSV
added 2022/05/17 1:16 a.m.15 views

GHSA-H7WM-PH43-C39P Scrapy denial of service vulnerability

Scrapy 1.4 allows remote attackers to cause a denial of service memory consumption via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by...

7.5CVSS6.9AI score0.01907EPSS
Exploits1References6
Debian
Debian
added 2022/03/16 11:57 a.m.103 views

[SECURITY] [DLA 2950-1] python-scrapy security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2950-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 16, 2022 https://wiki.debian.org/LTS -...

8.8CVSS6.8AI score0.01243EPSS
Exploits1
OSV
OSV
added 2022/03/16 12:0 a.m.26 views

DLA-2950-1 python-scrapy - security update

Bulletin has no description...

8.8CVSS6.3AI score0.01243EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/03/16 12:0 a.m.17 views

Debian: Security Advisory (DLA-2950-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.5AI score0.01243EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/03/16 12:0 a.m.50 views

Debian DLA-2950-1 : python-scrapy - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2950 advisory. It was found that Scrapy, a framework for extracting data from websites, could send HTTP Authorization as well as cookies to other domains in case of redirections,...

8.8CVSS7.3AI score0.01243EPSS
Exploits1References7
CNVD
CNVD
added 2022/03/14 12:0 a.m.18 views

Gerapy has unspecified vulnerabilities

Gerapy is a distributed crawler management framework based on Scrapy, Scrapyd, Django and Vue.js. A security vulnerability exists in Gerapy v 0.9.7, which stems from an access control vulnerability that can be caused by the spider parameter in the projectconfigure function. No details of the...

1.9AI score
Exploits6References1
CNVD
CNVD
added 2022/03/04 12:0 a.m.49 views

Scrapy Information Disclosure Vulnerability (CNVD-2022-17012)

Scrapy is a free and open-source web crawler framework written in Python.An information disclosure vulnerability exists in versions of Scrapy prior to 2.6.1, which stems from the product's failure to effectively protect sensitive information. An attacker could use this vulnerability to obtain...

8.8CVSS2.7AI score0.01243EPSS
Exploits1References1
Veracode
Veracode
added 2022/03/03 6:30 a.m.6 views

Insecure Cookies

scrapy is using insecure cookies. The vulnerability exists in cookie.py because the cookie-setting is not restricted based on the public suffix list which allows an attacker to inject cookies from a controlled domain...

3AI score
Exploits0
Veracode
Veracode
added 2022/03/03 4:49 a.m.20 views

Information Disclosure

Scrapy is vulnerable to information disclosure. The library does not properly check cookie headers before being redirected to the location URL, allowing an attacker to gain sensitive information or hijack users accounts by redirecting to malicious URLs...

6.5CVSS3AI score0.01243EPSS
Exploits1References6Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/03/02 4:15 a.m.7 views

CVE-2022-0577

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1...

8.8CVSS7AI score0.01243EPSS
Exploits1References4
NVD
NVD
added 2022/03/02 4:15 a.m.11 views

CVE-2022-0577

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1...

8.8CVSS0.01243EPSS
Exploits1References3
OSV
OSV
added 2022/03/02 4:15 a.m.1 views

DEBIAN-CVE-2022-0577

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1...

6.5CVSS7.1AI score0.01243EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2022/03/02 4:15 a.m.4 views

2adif (=0.1.0), addgene-mcp (>=0.1.0 <=0.1.3) +568 more potentially affected by CVE-2022-0577 via scrapy (>=1.3.3 <=2.6.0)

scrapy PYPI version =1.3.3, =0.1.0, =0.10.0, =0.0.1, =0.4.0, =0.1.4, =1.0.0, =0.0.1, =1.0.0, =0.0.24, =2.9.3, =0.2.3, =0.3.7 and more Source cves: CVE-2022-0577 Source advisory: OSV:PYSEC-2022-159...

8.8CVSS6.8AI score0.01243EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2022/03/02 4:15 a.m.22 views

CVE-2022-0577

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1...

8.8CVSS6.9AI score0.01243EPSS
Exploits1References4
OSV
OSV
added 2022/03/02 4:15 a.m.4 views

UBUNTU-CVE-2022-0577

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1...

8.8CVSS5.8AI score0.01243EPSS
Exploits1References5
Rows per page
Query Builder