PyPI package
pyspider
pkg:pypi/pyspider
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-39163 | Hig | 8.8 | <= 0.3.10 | — | Dec 4, 2024 | binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints. | |
| CVE-2024-39162 | Med | 6.1 | <= 0.3.10 | — | Nov 29, 2024 | pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
- affected <= 0.3.10
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints.
- affected <= 0.3.10
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer