VYPR
High severity 7.5 · NVD Advisory · Published Sep 5, 2017 · Updated Jun 17, 2026

CVE-2017-14158

Description

Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| scrapy (PyPI) | >= 0.7, <= 2.15.2 | |

Affected products

  • Scrapy/Scrapy (2 versions)
    • cpe:2.3:a:scrapy:scrapy:1.4:*:*:*:*:*:*:*
    • (no CPE) range: <1.4
