6 matches found
Ubuntu: Security Advisory (USN-7476-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2950-1] python-scrapy security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2950-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 16, 2022 https://wiki.debian.org/LTS -...
Debian DLA-2950-1 : python-scrapy - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2950 advisory. It was found that Scrapy, a framework for extracting data from websites, could send HTTP Authorization as well as cookies to other domains in case of redirections,...
2adif (=0.1.0), addgene-mcp (>=0.1.0 <=0.1.3) +549 more potentially affected by CVE-2021-41125 via scrapy (>=2.0.1 <=2.5.0)
scrapy PYPI version =2.0.1, =0.1.0, =0.10.0, =0.0.1, =0.1.4, =1.0.0, =0.0.1, =1.0.0, =0.0.24, =2.9.3, =0.2.3, =1.2.0, =1.5.0 and more Source cves: CVE-2021-41125 Source advisory: OSV:GHSA-JWQP-28GF-P498...
CVE-2021-41125
CVE-2021-41125 affects Scrapy (Python): when using HttpAuthMiddleware (http_user/http_pass spider attributes), credentials may be exposed in requests, including robots.txt checks and redirects. Affected versions include older Scrapy releases prior to fixes. Mitigation per sources: upgrade to Scra...
CVE-2021-41125 HTTP authentication credential leak to target websites in scrapy
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...