7 matches found
Ubuntu: Security Advisory (USN-7476-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2024-1968
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme e.g., HTTPS to HTTP but...
article-extract (>=0.1.2 <=0.1.3), bookscrape (>=0.0.1.dev1 <=0.0.2b7) +25 more potentially affected by CVE-2024-1968 via scrapy (>=1.3.3 <=1.8.4)
scrapy PYPI version =1.3.3, =0.1.2, =0.0.1.dev1, =1.2.1.20160901, =0.0.5, =0.0.20, =0.9.3, =0.0.1, =1.0.0, =1.0.0, =1.7.2, =1.1.0, =0.1.0, =0.2.3, =0.0.1, =0.1.1, =0.1.4 and more Source cves: CVE-2024-1968 Source advisory: OSV:PYSEC-2024-258...
ayugespidertools (>=3.4.0 <=3.9.7), baotool (=1.0.1) +8 more potentially affected by CVE-2024-1968 via scrapy (>=2.0.1 <=2.11.1)
scrapy PYPI version =2.0.1, =3.4.0, =2.8.3, =0.3.0a0, =0.0.1, =0.1.2, =0.2.3, =0.2.1, =0.4.0, =0.8.1 Source cves: CVE-2024-1968 Source advisory: OSV:PYSEC-2024-258...
CVE-2024-1968
In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme e.g., HTTPS to HTTP but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in...
CVE-2024-1968 Authorization Header Leakage in scrapy/scrapy on Scheme Change Redirects
In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme e.g., HTTPS to HTTP but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in...
article-extract (>=0.1.2 <=0.1.3), ayugespidertools (>=3.4.0 <=3.9.7) +35 more potentially affected by CVE-2024-1968 via scrapy (>=1.3.3 <=2.11.1)
scrapy PYPI version =1.3.3, =0.1.2, =3.4.0, =2.8.3, =0.0.1.dev1, =1.2.1.20160901, =0.0.5, =0.3.0a0, =0.0.20, =0.9.3, =0.0.1, =0.0.1, =0.1.2, =1.0.0, =1.1.2.post0 and more Source cves: CVE-2024-1968 Source advisory: OSV:GHSA-4QQQ-9VQF-3H3F...