Lucene search
+L

313 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.7 views

CVE-2021-41124

Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for Splash authentication will have any non-Splash request expose your credentials to the request target. This includ...

7.5CVSS7AI score0.01077EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/01/05 1:26 a.m.2 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/05 12:0 a.m.4 views

RHEL 10 : brotli (RHSA-2026:0008)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0008 advisory. Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffm...

7.5CVSS7.3AI score0.00509EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.6 views

TencentOS Server 4: brotli (TSSA-2025:0957)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0957 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References2
Veracode
Veracode
added 2025/12/13 7:23 a.m.8 views

Denial Of Service (DoS)

Scrapy and brotli is vulnerable to Denial Of Service DoS. The vulnerability is due to inadequate protection against brotli decompression bombs, which allows an attacker to send highly compressed data that expands excessively in memory and crashes the client...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References9Affected Software2
Tenable Nessus
Tenable Nessus
added 2025/12/09 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: brotli (UTSA-2025-991041)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991041 advisory. Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism...

7.5CVSS7.2AI score0.00509EPSS
Exploits0References4
OSV
OSV
added 2025/11/14 12:38 p.m.3 views

OESA-2025-2671 brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

7.5CVSS7.3AI score0.00509EPSS
Exploits0References2
OSV
OSV
added 2025/11/14 12:38 p.m.3 views

OESA-2025-2670 brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

7.5CVSS6.5AI score0.00509EPSS
Exploits0References2
OSV
OSV
added 2025/11/14 12:38 p.m.4 views

OESA-2025-2669 brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

7.5CVSS6.5AI score0.00509EPSS
Exploits0References2
OSV
OSV
added 2025/11/14 12:38 p.m.4 views

OESA-2025-2668 brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

7.5CVSS6.5AI score0.00509EPSS
Exploits0References2
OSV
OSV
added 2025/11/14 12:38 p.m.4 views

OESA-2025-2667 brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

7.5CVSS6.5AI score0.00509EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2025/11/13 12:0 a.m.4 views

python-Scrapy-doc-2.13.3-2.1 on GA media (moderate)

python-Scrapy-doc-2.13.3-2.1 on GA media Announcement ID: openSUSE-SU-2025:15732-1 Rating: moderate Cross-References: CVE-2025-6176 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

7.5CVSS7.9AI score0.00509EPSS
Exploits0
OSV
OSV
added 2025/11/12 12:0 a.m.3 views

OPENSUSE-SU-2025:15732-1 python-Scrapy-doc-2.13.3-2.1 on GA media

These are all security issues fixed in the python-Scrapy-doc-2.13.3-2.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References1
OSV
OSV
added 2025/11/07 12:31 p.m.5 views

OESA-2025-2645 brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

7.5CVSS6.6AI score0.00509EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/01 6:6 p.m.9 views

CVE-2025-6176

Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/11/01 4:2 a.m.12 views

SUSE CVE-2025-6176

Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS6.7AI score0.00509EPSS
Exploits0References7
Snyk
Snyk
added 2025/10/31 12:43 a.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to insufficient protection against decompressi...

8.7CVSS7.6AI score0.00509EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/10/31 12:43 a.m.5 views

article-extract (>=0.1.2 <=0.1.3), athlinks-races (>=0.0.4 <=0.0.7) +53 more potentially affected by CVE-2025-6176 via scrapy (>=1.3.3 <=2.13.4)

scrapy PYPI version =1.3.3, =0.1.2, =0.0.4, =3.4.0, =2.8.3, =0.0.1.dev1, =1.3.0, =1.2.1.20160901, =0.2.0, =0.0.5, =0.2.4, =0.0.2, =0.3.0a0, =0.0.20, =0.0.34 and more Source cves: CVE-2025-6176 Source advisory: SNYK:PYTHON-SCRAPY-13792895...

7.5CVSS7AI score0.00509EPSS
Exploits0
EUVD
EUVD
added 2025/10/31 12:30 a.m.8 views

EUVD-2025-37237

Brotli is vulnerable to a denial of service DoS attack due to decompression...

7.5CVSS7.5AI score0.00509EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2025/10/31 12:30 a.m.5 views

article-extract (>=0.1.2 <=0.1.3), athlinks-races (>=0.0.4 <=0.0.7) +53 more potentially affected by CVE-2025-6176 via scrapy (>=1.3.3 <=2.13.3)

scrapy PYPI version =1.3.3, =0.1.2, =0.0.4, =3.4.0, =2.8.3, =0.0.1.dev1, =1.3.0, =1.2.1.20160901, =0.2.0, =0.0.5, =0.2.4, =0.0.2, =0.3.0a0, =0.0.20, =0.0.34 and more Source cves: CVE-2025-6176 Source advisory: OSV:GHSA-2QFP-Q593-8484...

7.5CVSS7.1AI score0.00509EPSS
Exploits0
Rows per page
Query Builder