262 matches found
Session cookie disclosure in the crawler
Date : 2024-04-09 CVE ID : CVE-2024-28235 If the crawler is set to crawl protected pages, it sends the cookie header to externals URLs. Affected versions Contao 4.0 Contao 4.1 Contao 4.2 Contao 4.3 Contao 4.4 Contao 4.5 Contao 4.6 Contao 4.7 Contao 4.8 Contao 4.9 Contao 4.10 Contao 4.11 Contao 4....
GHSA-H9J7-5XVC-QHG5 langchain Server-Side Request Forgery vulnerability
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
langchain Server-Side Request Forgery vulnerability
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
CVE-2024-0243
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
PYSEC-2024-235
With the following crawler configuration:pythonfrom bs4 import BeautifulSoup as Soupurl = "https://example.com"loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".textdocs = loader.loadAn attacker in control of the contents of https://example.com could place ...
PYSEC-2024-235
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
Design/Logic Flaw
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
LangChain Code Issues Vulnerabilities
LangChain is building applications using LLM through composability. LangChain is vulnerable to a code issue. An attacker could use this vulnerability to place a malicious HTML file with a link such as "https://example.completely.different/myfile.html" in it, allowing the crawler to continue...
CVE-2024-0243
LangChain’s CVE-2024-0243 describes an SSRF in the RecursiveUrlLoader used by LangChain, where an attacker controlling the content at a base URL (e.g., https://example.com) can inject links that cause the crawler to fetch external URLs despite prevent_outside being set. The issue is fixed in the ...
spider-flow security vulnerability
spider-flow is an open source crawler platform by sssssssss-team. A security vulnerability exists in spider-flow version 0.4.3. An attacker exploited the vulnerability to cause code injection...
Pantheon - Insecure Camera Parser
Pantheon is a GUI application that allows users to display information regarding network cameras in various countries as well as an integrated live-feed for non-protected cameras. Functionalities Pantheon allows users to execute an API crawler. There was original functionality without the use of...
com.digitalpebble.stormcrawler:storm-crawler-solr (=2.11), com.github.paulcwarren:content-solr-spring-boot-starter (=3.0.7) +108 more potentially affected by CVE-2023-44981 via org.apache.zookeeper:zookeeper (=3.9.0)
org.apache.zookeeper:zookeeper MAVEN version =3.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.zookeeper:zookeeper and may be impacted: - com.digitalpebble.stormcrawler:storm-crawler-solr =2.11 -...
buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +18 more potentially affected by CVE-2023-27586 via cairosvg (>=0.5.0 <=2.6.0)
cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =1.0.0b1, =0.0.2, =0.1.0, =0.1.0, =2.11.0, =4.3.0, =0.0.1, =9.0.5, =1.0.0, =0.1.0, =0.2.7 and more Source cves: CVE-2023-27586 Source advisory: OSV:GHSA-RWMF-W63J-P7GV...
Hour of Code 安全漏洞
Hour of Code is an application for ming individual developers. It uses Python to create a web crawler. A security vulnerability exists in Hour of Code, which stems from a code execution backdoor via request packets that can be exploited by an attacker to access sensitive user information and...
Z-BlogPHP 代码问题漏洞
Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. A security vulnerability exists in Z-BlogPHP 1.7.2 and earlier versions, which stems from a server-side request forgery SSRF vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file that allows a remote...
Fedora: Security Advisory for golang-github-gocolly-colly-2 (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: golang-github-gocolly-colly-2-2.1.0-5.20210920git2f09941.fc36
Elegant Scraper and Crawler Framework for Golang...
[SECURITY] Fedora 35 Update: golang-github-gocolly-colly-2-2.1.0-4.20210920git2f09941.fc35
Elegant Scraper and Crawler Framework for Golang...
com.accelerate-experience:storm-metrics-statsd (>=1.0.0 <=1.0.1), com.accelerate-experience:storm-rabbitmq (=1.0.0) +91 more potentially affected by CVE-2019-0202 via org.apache.storm:storm-core (>=0.9.3 <=1.2.2)
org.apache.storm:storm-core MAVEN version =0.9.3, =1.0.0, =0.1.0, =1.0, =1.0, =1.0, =1.3, =1.0, =1.0, =1.0, =1.0.0, =0.3.4, =0.4.1 - com.github.ptgoetz:flux =0.1.0 and more Source cves: CVE-2019-0202 Source advisory: OSV:GHSA-R9PV-HG64-JQRP...
Xepor - Web Routing Framework For Reverse Engineers And Security Researchers, Brings The Best Of Mitmproxy And Flask
Xepor pronounced /ˈzɛfə/ , zephyr, a web routing framework for reverse engineers and security researchers. It provides a Flask-like API for hackers to intercept and modify HTTP request and/or HTTP response in a human-friendly coding style. This project is meant to be used with mitmproxy. User wri...