313 matches found
GHSA-2QFP-Q593-8484 Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation
Scrapy versions up to 2.13.3 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation
Scrapy versions up to 2.13.3 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
CVE-2025-6176
Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
DEBIAN-CVE-2025-6176
Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
UBUNTU-CVE-2025-6176
Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
CVE-2025-6176 Brotli decompression bomb DoS in scrapy/scrapy
Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
CVE-2025-6176
Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
CVE-2025-6176
CVE-2025-6176 affects Scrapy up to 2.13.2 (and advisory notes extend to 2.13.3) due to a flaw in brotli decompression that can cause a DoS by extremely high compression ratios on zero-filled data, consuming memory and crashing clients with limited RAM. The DoS is remote via network interactions; ...
CVE-2025-6176 Brotli decompression bomb DoS in scrapy/scrapy
Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
Scrapy 资源管理错误漏洞
Scrapy is a free and open source web crawler framework written in Python by Scrapy Open Source. A resource management error vulnerability exists in Scrapy 2.13.2 and earlier versions, which stems from a flaw in the brotli decompression implementation that could lead to a denial of service attack...
Linux Distros Unpatched Vulnerability : CVE-2025-6176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism...
EUVD-2017-0128
Malware in sbrugna...
EUVD-2021-0239
Malware in sbrugna...
EUVD-2021-0238
Malware in sbrugna...
EUVD-2024-0622
Malicious code in bioql PyPI...
EUVD-2024-0162
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-0577
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. CVE-2022-0577 Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2017-14158
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Scrapy 1.4 allows remote attackers to cause a denial of service memory consumption via large files because arbitrarily many files are read into memory, which is...
Linux Distros Unpatched Vulnerability : CVE-2021-41125
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP...
Malicious code in scrapy-doc-zh (npm)
The package scrapy-doc-zh was found to contain malicious code...