Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
31 Jul 2022
29 Jul 2022
Introduced: 29 Jul 2022New CWE-256 Open this link in a new tab
How to fix?
Scrapy to version 1.8.3, 2.6.2 or higher.
Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages.
Affected versions of this package are vulnerable to Credential Exposure via the
process_request() function in
downloadermiddlewares/httpproxy.py. A proxy can leak credentials to another proxy if third-party downloader middlewares leave
Proxy-Authentication headers unchanged when updating
proxy metadata for a new request.
NOTE: To fully mitigate the effects of vulnerability, replacing or upgrading the third-party downloader middleware might be necessary after upgrading.