EUVD-2021-0238

Malware in sbrugna...

GHSA-823F-CWM9-4G74 Splash authentication credentials potentially leaked to target websites

Impact If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for Splash authentication, any non-Splash request will expose your credentials to the request target. This includes robots.txt requests sent by Scrapy when the ROBOTSTXTOBEY setting is set to True. Patches Upgra...

CVE-2021-41124

Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for Splash authentication will have any non-Splash request expose your credentials to the request target. This includ...

Cross site request forgery (csrf)

Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for Splash authentication will have any non-Splash request expose your credentials to the request target. This includ...

CVE-2021-41124

The CVE affects the scrapy-splash library used with Scrapy. When HttpAuthMiddleware (http_user/http_pass) is used for Splash authentication, non-Splash requests can leak credentials to the target, including robots.txt requests if ROBOTSTXT_OBEY is True. Remediation per the reports is to upgrade t...