Denial of Service (DoS) Affecting scrapy package, versions [0,]

Snyk CVSS

Attack Complexity Low

Privileges Required High

Availability High

Threat Intelligence

EPSS 0.24% (62^nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-SCRAPY-40690
published 9 Nov 2017
disclosed 4 Sep 2017
credit Mikhail Korobov

Report a new vulnerability Found a mistake?

Introduced: 4 Sep 2017

CVE-2017-14158 Open this link in a new tab CWE-400 Open this link in a new tab

Overview

via S3FilesStore. Files are stored in memory before uploaded to s3, increasing memory usage if giant or many files are being uploaded at the same time.

References

https://github.com/scrapy/scrapy/issues/482
https://github.com/scrapy/scrapy/pull/2917