7 matches found
CVE-2021-41124
Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for Splash authentication will have any non-Splash request expose your credentials to the request target. This includ...
EUVD-2021-0238
Malware in sbrugna...
PT-2021-23108 · Scrapy +2 · Scrapy +2
Name of the Vulnerable Software and Affected Versions: Scrapy versions prior to 2.5.1 Scrapy versions 1.8 and earlier Description: The issue affects Scrapy when using HttpAuthMiddleware for HTTP authentication, causing all requests to expose credentials to the request target. This includes reques...
CVE-2021-41124
Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for Splash authentication will have any non-Splash request expose your credentials to the request target. This includ...
CVE-2021-41124
Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for Splash authentication will have any non-Splash request expose your credentials to the request target. This includ...
Cross site request forgery (csrf)
Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for Splash authentication will have any non-Splash request expose your credentials to the request target. This includ...
CVE-2021-41124
The CVE affects the scrapy-splash library used with Scrapy. When HttpAuthMiddleware (http_user/http_pass) is used for Splash authentication, non-Splash requests can leak credentials to the target, including robots.txt requests if ROBOTSTXT_OBEY is True. Remediation per the reports is to upgrade t...