Upgrade Scrapy to version 1.8.4, 2.11.1 or higher.
Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages.
Affected versions of this package are vulnerable to Origin Validation Error due to the improper handling of the Authorization header during cross-domain redirects. An attacker can leak sensitive information by inducing the server to redirect a request with the Authorization header to a different domain.
1) Make sure that the Authorization header is not used, either directly or through some third-party plugin.
2) If that header is needed in some requests, add "dont_redirect": True to the request.meta dictionary of those requests to disable following redirects for them.
3) If same-domain redirect support is needed on those requests, make sure you trust the target website not to redirect your requests to a different domain.
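For requests that carry the header and are sent with "dont_redirect": True, a redirect can still be followed by hand once its target has been checked. The following is an added example, not code from Scrapy or from this advisory; the function names and sample URLs are constructed for illustration, and it uses only the Python standard library.

```python
from urllib.parse import urljoin, urlsplit


def redirect_target(request_url, location):
    """Resolve a Location header value against the URL that was requested.

    Location may be absolute, path-only, or protocol-relative ("//host/path").
    """
    return urljoin(request_url, location)


def same_domain(url_a, url_b):
    """True when both URLs name the same host (hostname is lowercased by urlsplit).

    A stricter policy would also require the same scheme and port.
    """
    host_a = urlsplit(url_a).hostname
    host_b = urlsplit(url_b).hostname
    return host_a is not None and host_a == host_b


def headers_for_redirect(request_url, location, headers):
    """Return (target_url, headers) for the follow-up request.

    The Authorization header is copied only when the redirect stays on the
    domain that the credentials were intended for.
    """
    target = redirect_target(request_url, location)
    if same_domain(request_url, target):
        return target, dict(headers)
    kept = {k: v for k, v in headers.items() if k.lower() != "authorization"}
    return target, kept


if __name__ == "__main__":
    # Constructed sample request and redirect targets.
    sent = {"Authorization": "Bearer constructed-token", "Accept": "application/json"}
    origin = "https://api.example.com/v1/items"
    for loc in ("/v1/items/", "//other.example.org/x", "https://api.example.com.attacker.test/"):
        url, hdrs = headers_for_redirect(origin, loc, sent)
        print(url, "keeps Authorization:", "Authorization" in hdrs)
```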