VYPR
High severityNVD Advisory· Published Feb 28, 2024· Updated Aug 11, 2024

ReDoS Vulnerability in scrapy/scrapy's XMLFeedSpider

CVE-2024-1892

Description

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker can cause a denial-of-service (DoS) condition. This vulnerability allows for the system to hang and consume significant resources, potentially rendering services that utilize Scrapy for XML processing unresponsive.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
scrapyPyPI
>= 2, < 2.11.12.11.1
scrapyPyPI
< 1.8.41.8.4

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.