
8 matches found

SUSE CVE
added 2024/02/29 3:37 a.m., 0 views

SUSE CVE-2024-1892

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker...

CVSS 6.5, AI score 6.8, EPSS 0.00058
Exploits: 1, References: 3
Veracode
added 2024/02/28 5:44 a.m., 17 views

ReDoS (Regular Expression Denial Of Service)

scrapy is vulnerable to ReDoS (Regular Expression Denial Of Service). The vulnerability is due to a Regular Expression with inefficient complexity which is used to parse XML content when utilizing the XMLFeedSpider class when scraping XML. If the class is utilized to scrape an attacker-controlled w...

CVSS 6.5, AI score 7, EPSS 0.00058
Exploits: 1, References: 2, Affected Software: 1
GitHub Security Blog
added 2024/02/28 12:31 a.m., 13 views

Duplicate Advisory: ReDos vulnerability of XMLFeedSpider

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cc65-xxvf-f7r9. This link is maintained to preserve external references. Original Description: Parts of the Scrapy API were found to be vulnerable to a ReDoS attack. Handling a malicious response could cause...

CVSS 7.5, AI score 7, EPSS 0.00058
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2024/02/28 12:15 a.m., 13 views

CVE-2024-1892

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker...

CVSS 6.5, AI score 7.3
Exploits: 0, References: 2
Debian CVE
added 2024/02/28 12:00 a.m., 16 views

CVE-2024-1892

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker...

CVSS 7.5, AI score 6.9, EPSS 0.00058
Exploits: 1
Vulnrichment
added 2024/02/28 12:00 a.m., 12 views

CVE-2024-1892 ReDoS Vulnerability in scrapy/scrapy's XMLFeedSpider

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker...

CVSS 7.5, AI score 6.6, EPSS 0.00058
Exploits: 1, References: 2
Cvelist
added 2024/02/28 12:00 a.m., 18 views

CVE-2024-1892 ReDoS Vulnerability in scrapy/scrapy's XMLFeedSpider

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker...

CVSS 7.5, AI score 7.5, EPSS 0.00058
Exploits: 1, References: 2
GitHub Security Blog
added 2024/02/15 3:22 p.m., 29 views

Scrapy vulnerable to ReDoS via XMLFeedSpider

Impact: The following parts of the Scrapy API were found to be vulnerable to a ReDoS attack: - The XMLFeedSpider class or any subclass that uses the default node iterator: iternodes, as well as direct uses of the scrapy.utils.iterators.xmliter function. - Scrapy 2.6.0 to 2.11.0: The openinbrowser...

CVSS 7.5, AI score 7.2, EPSS 0.00058
Exploits: 1, References: 8, Affected Software: 1