Denial of Service (DoS) Affecting scrapy package, versions [0,]

Threat Intelligence

0.24% (63^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-SCRAPY-40690
published 9 Nov 2017
disclosed 4 Sep 2017
credit Mikhail Korobov

Report a new vulnerability Found a mistake?

Introduced: 4 Sep 2017

CVE-2017-14158 Open this link in a new tab CWE-400 Open this link in a new tab

Overview

via S3FilesStore. Files are stored in memory before uploaded to s3, increasing memory usage if giant or many files are being uploaded at the same time.

References

https://github.com/scrapy/scrapy/issues/482
https://github.com/scrapy/scrapy/pull/2917

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

High
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

None
Integrity (I)

None
Availability (A)

High

Denial of Service (DoS) Affecting scrapy package, versions [0,]

Severity

CVSS assessment made by Snyk's Security Team

Threat Intelligence

Introduced: 4 Sep 2017

Overview

References

CVSS Scores

Snyk