5 matches found
EUVD-2021-0239
Malware in sbrugna...
GHSA-CW9J-Q3VF-HRRV Scrapy authorization header leakage on cross-domain redirect
Impact When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Scrapy’s built-in redirect middleware creates a follow-up redirect request that keeps the original Authorization header, leaking its content to that second domain...
GHSA-CJVR-MFJ7-J4J8 Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy
Impact If you manually define cookies on a Request object, and that Request object gets a redirect response, the new Request object scheduled to follow the redirect keeps those user-defined cookies, regardless of the target domain. Patches Upgrade to Scrapy 2.6.0, which resets cookies when creati...
PYSEC-2021-363
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...
UBUNTU-CVE-2021-41125
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...