CVE-2024-3572

🗓️ 16 Apr 2024 00:15:00Reported by ubuntu.comType

ubuntucve

ubuntucve🔗 ubuntu.com👁 12 Views

The project scrapy/scrapy is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing

Reporter	Title	Published	Views	Family All 29
CNNVD	Scrapy 安全漏洞	15 Apr 202400:00	–	cnnvd
CVE	CVE-2024-3572	16 Apr 202400:00	–	cve
Cvelist	CVE-2024-3572 XML External Entity (XXE) Vulnerability in scrapy/scrapy	16 Apr 202400:00	–	cvelist
Debian CVE	CVE-2024-3572	16 Apr 202400:00	–	debiancve
EUVD	EUVD-2024-0557	3 Oct 202520:07	–	euvd
Github Security Blog	Scrapy decompression bomb vulnerability	16 Feb 202416:07	–	github
Github Security Blog	Duplicate Advisory: Scrapy decompression bomb vulnerability	16 Apr 202400:30	–	github
NVD	CVE-2024-3572	16 Apr 202400:15	–	nvd
OpenVAS	Ubuntu: Security Advisory (USN-7476-1)	6 May 202500:00	–	openvas
OSV	DEBIAN-CVE-2024-3572	16 Apr 202400:15	–	osv

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	18.04	any	python-scrapy	1.5.0-1ubuntu0.1~esm1	python-scrapy_1.5.0-1ubuntu0.1~esm1_any.deb
Ubuntu	20.04	any	python-scrapy	1.7.3-1ubuntu0.1~esm1	python-scrapy_1.7.3-1ubuntu0.1~esm1_any.deb
Ubuntu	22.04	any	python-scrapy	2.5.1-2ubuntu0.1~esm1	python-scrapy_2.5.1-2ubuntu0.1~esm1_any.deb

Source	Link
cve	www.cve.org/CVERecord
huntr	www.huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb
github	www.github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f%20(2.11.1)
github	www.github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7
github	www.github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f
ubuntu	www.ubuntu.com/security/notices/USN-7476-1

26 Aug 2025 13:57Current

7.1High risk

Vulners AI Score7.1

CVSS 37.5

EPSS0.00807

SSVC

scrapy project xml external entity xxe attacks lxml.etree.fromstring denial of service local files access network connections firewalls unix