High severity8.8NVD Advisory· Published Mar 23, 2017· Updated May 13, 2026

CVE-2017-7235

Description

An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
cfscrapePyPI	>= 1.6.6, < 1.8.0	1.8.0

Affected products

Cloudflare Scrape Project/Cloudflare Scrape5 versions
cpe:2.3:a:cloudflare-scrape_project:cloudflare-scrape:1.6.6:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:cloudflare-scrape_project:cloudflare-scrape:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:cloudflare-scrape_project:cloudflare-scrape:1.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:cloudflare-scrape_project:cloudflare-scrape:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:cloudflare-scrape_project:cloudflare-scrape:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:cloudflare-scrape_project:cloudflare-scrape:1.7.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Anorov/cloudflare-scrape/releases/tag/1.8.0nvdPatchVendor AdvisoryWEB
github.com/Anorov/cloudflare-scrape/issues/97nvdIssue TrackingVendor AdvisoryWEB
github.com/advisories/GHSA-5mc5-5j6c-qmf9ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-7235ghsaADVISORY
github.com/pypa/advisory-database/tree/main/vulns/cfscrape/PYSEC-2017-7.yamlghsaWEB
web.archive.org/web/20170701161512/http://www.securityfocus.com/bid/97191ghsaWEB
www.securityfocus.com/bid/97191nvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000