313 matches found
CVE-2021-41125
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...
CVE-2021-41125
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...
DEBIAN-CVE-2021-41125
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...
2adif (=0.1.0), addgene-mcp (>=0.1.0 <=0.1.3) +549 more potentially affected by CVE-2021-41125 via scrapy (>=2.0.1 <=2.5.0)
scrapy PYPI version =2.0.1, =0.1.0, =0.10.0, =0.0.1, =0.1.4, =1.0.0, =0.0.1, =1.0.0, =0.0.24, =2.9.3, =0.2.3, =1.2.0, =1.5.0 and more Source cves: CVE-2021-41125 Source advisory: OSV:PYSEC-2021-363...
article-extract (>=0.1.2 <=0.1.3), bookscrape (>=0.0.1.dev1 <=0.0.2b7) +19 more potentially affected by CVE-2021-41125 via scrapy (>=1.3.3 <=1.8.0)
scrapy PYPI version =1.3.3, =0.1.2, =0.0.1.dev1, =1.2.1.20160901, =0.0.5, =0.0.20, =0.9.3, =0.0.1, =1.0.0, =1.0.0, =1.7.2, =1.1.0, =0.1.0, =0.2.3, =0.0.1, =0.1.5, =0.1.8 and more Source cves: CVE-2021-41125 Source advisory: OSV:PYSEC-2021-363...
CVE-2021-41125
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...
PYSEC-2021-363
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...
PYSEC-2021-363
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...
Authentication flaw
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...
UBUNTU-CVE-2021-41125
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...
Splash authentication credentials potentially leaked to target websites
Impact If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for Splash authentication, any non-Splash request will expose your credentials to the request target. This includes robots.txt requests sent by Scrapy when the ROBOTSTXTOBEY setting is set to True. Patches Upgra...
GHSA-823F-CWM9-4G74 Splash authentication credentials potentially leaked to target websites
Impact If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for Splash authentication, any non-Splash request will expose your credentials to the request target. This includes robots.txt requests sent by Scrapy when the ROBOTSTXTOBEY setting is set to True. Patches Upgra...
Scrapy HTTP authentication credentials potentially leaked to target websites
Impact If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as robots.txt requests sent by Scrapy when the ROBOTSTXTOBEY...
2adif (=0.1.0), addgene-mcp (>=0.1.0 <=0.1.3) +549 more potentially affected by CVE-2021-41125 via scrapy (>=2.0.1 <=2.5.0)
scrapy PYPI version =2.0.1, =0.1.0, =0.10.0, =0.0.1, =0.1.4, =1.0.0, =0.0.1, =1.0.0, =0.0.24, =2.9.3, =0.2.3, =1.2.0, =1.5.0 and more Source cves: CVE-2021-41125 Source advisory: OSV:GHSA-JWQP-28GF-P498...
article-extract (>=0.1.2 <=0.1.3), bookscrape (>=0.0.1.dev1 <=0.0.2b7) +19 more potentially affected by CVE-2021-41125 via scrapy (>=1.3.3 <=1.8.0)
scrapy PYPI version =1.3.3, =0.1.2, =0.0.1.dev1, =1.2.1.20160901, =0.0.5, =0.0.20, =0.9.3, =0.0.1, =1.0.0, =1.0.0, =1.7.2, =1.1.0, =0.1.0, =0.2.3, =0.0.1, =0.1.5, =0.1.8 and more Source cves: CVE-2021-41125 Source advisory: OSV:GHSA-JWQP-28GF-P498...
GHSA-JWQP-28GF-P498 Scrapy HTTP authentication credentials potentially leaked to target websites
Impact If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as robots.txt requests sent by Scrapy when the ROBOTSTXTOBEY...
CVE-2021-41125 HTTP authentication credential leak to target websites in scrapy
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...
CVE-2021-41125
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...
CVE-2021-41125
CVE-2021-41125 affects Scrapy (Python): when using HttpAuthMiddleware (http_user/http_pass spider attributes), credentials may be exposed in requests, including robots.txt checks and redirects. Affected versions include older Scrapy releases prior to fixes. Mitigation per sources: upgrade to Scra...
PT-2021-23108 · Scrapy +2 · Scrapy +2
Name of the Vulnerable Software and Affected Versions: Scrapy versions prior to 2.5.1 Scrapy versions 1.8 and earlier Description: The issue affects Scrapy when using HttpAuthMiddleware for HTTP authentication, causing all requests to expose credentials to the request target. This includes reques...