Lucene search
+L

313 matches found

OSV
OSV
added 2025/10/31 12:30 a.m.9 views

GHSA-2QFP-Q593-8484 Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation

Scrapy versions up to 2.13.3 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2025/10/31 12:30 a.m.15 views

Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation

Scrapy versions up to 2.13.3 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References10Affected Software2
NVD
NVD
added 2025/10/31 12:15 a.m.9 views

CVE-2025-6176

Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS0.00509EPSS
Exploits0References1
OSV
OSV
added 2025/10/31 12:15 a.m.2 views

DEBIAN-CVE-2025-6176

Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS7.2AI score0.00509EPSS
Exploits0References1
OSV
OSV
added 2025/10/31 12:15 a.m.4 views

UBUNTU-CVE-2025-6176

Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/31 12:0 a.m.4 views

CVE-2025-6176 Brotli decompression bomb DoS in scrapy/scrapy

Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS6.2AI score0.00509EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/10/31 12:0 a.m.7 views

CVE-2025-6176

Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS7.2AI score0.00509EPSS
Exploits0
CVE
CVE
added 2025/10/31 12:0 a.m.82 views

CVE-2025-6176

CVE-2025-6176 affects Scrapy up to 2.13.2 (and advisory notes extend to 2.13.3) due to a flaw in brotli decompression that can cause a DoS by extremely high compression ratios on zero-filled data, consuming memory and crashing clients with limited RAM. The DoS is remote via network interactions; ...

7.5CVSS6.2AI score0.00509EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/31 12:0 a.m.20 views

CVE-2025-6176 Brotli decompression bomb DoS in scrapy/scrapy

Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS0.00509EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/31 12:0 a.m.9 views

Scrapy 资源管理错误漏洞

Scrapy is a free and open source web crawler framework written in Python by Scrapy Open Source. A resource management error vulnerability exists in Scrapy 2.13.2 and earlier versions, which stems from a flaw in the brotli decompression implementation that could lead to a denial of service attack...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/31 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-6176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2017-0128

Malware in sbrugna...

7.8CVSS7.4AI score0.01907EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-0239

Malware in sbrugna...

6.5CVSS7.3AI score0.01196EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-0238

Malware in sbrugna...

7.5CVSS7.4AI score0.01077EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-0622

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00642EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0162

Malicious code in bioql PyPI...

7.5CVSS7AI score0.00553EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2022-0577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. CVE-2022-0577 Note that Nessus relies on the...

8.8CVSS7.1AI score0.01243EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2017-14158

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Scrapy 1.4 allows remote attackers to cause a denial of service memory consumption via large files because arbitrarily many files are read into memory, which is...

7.8CVSS6.8AI score0.01907EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-41125

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP...

6.5CVSS7.1AI score0.01196EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in scrapy-doc-zh (npm)

The package scrapy-doc-zh was found to contain malicious code...

7AI score
Exploits0
Rows per page
Query Builder