Scrapy@2.7.1 vulnerabilities
A high-level Web Crawling and Web Scraping framework
-
latest version
2.12.0
-
first published
15 years ago
-
latest version published
5 days ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the Scrapy package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') due to the improper handling of scheme-specific proxy settings during HTTP redirects. An attacker can potentially intercept sensitive information by exploiting the failure to switch proxies when redirected from HTTP to HTTPS URLs or vice versa. How to fix URL Redirection to Untrusted Site ('Open Redirect')? Upgrade |
[,2.11.2)
|
Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the Notes:
a) Redirect to any local file using the file:// scheme to read its contents. b) Redirect to an ftp:// URL of a malicious FTP server to obtain the FTP username and password configured in the spider or project. c) Redirect to any s3:// URL to read its content using the S3 credentials configured in the spider or project.
How to fix Files or Directories Accessible to External Parties? Upgrade |
[,2.11.2)
|
Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor due to improper handling of HTTP headers during cross-origin redirects. An attacker can intercept the Note: In the context of a man-in-the-middle attack, this could be used to get access to the value of that Authorization header. How to fix Exposure of Sensitive Information to an Unauthorized Actor? Upgrade |
[,2.11.2)
|
Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to Information Exposure Through Sent Data due to the failure to remove the How to fix Information Exposure Through Sent Data? Upgrade |
[,2.11.1)
|
Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when parsing content. An attacker can cause extreme CPU and memory usage by handling a malicious response. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade |
[,2.11.1)
|
Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to the enforcement of response size limits only during the download of raw, usually-compressed response bodies and not during decompression. A malicious website being scraped could send a small response that, upon decompression, could exhaust the memory available to the process, potentially affecting any other process sharing that memory, and affecting disk usage in case of uncompressed response caching. How to fix Improper Resource Shutdown or Release? Upgrade |
[,1.8.4)
[2.0.0,2.11.1)
|
Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the Note: For versions 2.6.0 to 2.11.0, the vulnerable function is How to fix Regular Expression Denial of Service (ReDoS)? Upgrade |
[,1.8.4)
[2.0.0,2.11.1)
|
Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to Origin Validation Error due to the improper handling of the How to fix Origin Validation Error? Upgrade |
[,1.8.4)
[2.0.0,2.11.1)
|
via |
[0,)
|