Lucene search
K

5 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-0239

Malware in sbrugna...

6.5CVSS7.3AI score0.01196EPSS
Exploits0References10
OSV
OSV
added 2024/02/15 3:32 p.m.18 views

GHSA-CW9J-Q3VF-HRRV Scrapy authorization header leakage on cross-domain redirect

Impact When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Scrapy’s built-in redirect middleware creates a follow-up redirect request that keeps the original Authorization header, leaking its content to that second domain...

7.5CVSS7.1AI score0.00642EPSS
Exploits1References5
OSV
OSV
added 2022/03/01 10:12 p.m.3 views

GHSA-CJVR-MFJ7-J4J8 Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy

Impact If you manually define cookies on a Request object, and that Request object gets a redirect response, the new Request object scheduled to follow the redirect keeps those user-defined cookies, regardless of the target domain. Patches Upgrade to Scrapy 2.6.0, which resets cookies when creati...

6.5CVSS6.8AI score0.01243EPSS
Exploits1References7
PyPA
PyPA
added 2021/10/06 6:15 p.m.6 views

PYSEC-2021-363

Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...

6.5CVSS7.1AI score0.01196EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/10/06 6:15 p.m.3 views

UBUNTU-CVE-2021-41125

Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...

6.5CVSS5.8AI score0.01196EPSS
Exploits0References7
Rows per page
Query Builder