VYPR

rpm package

opensuse/python-Scrapy&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-Scrapy&distro=openSUSE%20Tumbleweed

Vulnerabilities (3)

  • CVE-2025-6176 (High), Oct 31, 2025
    affected < 2.13.3-2.1, fixed 2.13.3-2.1

    Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less

  • CVE-2024-1968, May 20, 2024
    affected < 2.11.2-1.1, fixed 2.11.2-1.1

    In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization

  • CVE-2021-41125, Oct 6, 2021
    affected < 2.5.1-1.1, fixed 2.5.1-1.1

    Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generat