SUSE CVE-2024-1892

🗓️ 29 Feb 2024 03:37:52Reported by Suse CVEType

susecve

susecve🔗 www.suse.com

ReDoS in Scrapy XML parsing via XMLFeedSpider can cause DoS and unresponsive services.

Reporter	Title	Published	Views	Family All 35
Circl	CVE-2024-1892	28 Feb 202401:26	–	circl
CNNVD	Scrapy Security Vulnerabilities	27 Feb 202400:00	–	cnnvd
CVE	CVE-2024-1892	28 Feb 202400:00	–	cve
Cvelist	CVE-2024-1892 ReDoS Vulnerability in scrapy/scrapy's XMLFeedSpider	28 Feb 202400:00	–	cvelist
Debian CVE	CVE-2024-1892	28 Feb 202400:00	–	debiancve
EUVD	EUVD-2024-0162	3 Oct 202520:07	–	euvd
Github Security Blog	Duplicate Advisory: ReDos vulnerability of XMLFeedSpider	28 Feb 202400:31	–	github
Github Security Blog	Scrapy vulnerable to ReDoS via XMLFeedSpider	15 Feb 202415:22	–	github
NVD	CVE-2024-1892	28 Feb 202400:15	–	nvd
OpenVAS	Ubuntu: Security Advisory (USN-7476-1)	6 May 202500:00	–	openvas

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Tumbleweed	–	any	python-scrapy-doc	2.11.1-1.1	python-Scrapy-doc-2.11.1-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	python310-scrapy	2.11.1-1.1	python310-Scrapy-2.11.1-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	python311-scrapy	2.11.1-1.1	python311-Scrapy-2.11.1-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	python312-scrapy	2.11.1-1.1	python312-Scrapy-2.11.1-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	python39-scrapy	2.11.1-1.1	python39-Scrapy-2.11.1-1.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2024-1892
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1220514

17 Jun 2026 02:30Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.16.5

EPSS0.00553

regular expression denial of service xml parsing scrapy xmlfeedspider unix vulnerability suse