4 matches found
PYSEC-2024-258
In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in...
scrapy information disclosure vulnerability
Scrapy is a free and open source web crawler framework written in Python. An information disclosure vulnerability exists in scrapy that stems from the fact that the authorization header may be inadvertently exposed in plaintext, leading to the disclosure of potentially sensitive information...
DEBIAN-CVE-2024-3572
The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, ...
[SECURITY] [DLA 2950-1] python-scrapy security update
Debian LTS Advisory DLA-2950-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 16, 2022 https://wiki.debian.org/LTS -...