rpm package
opensuse/python-Scrapy&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-Scrapy&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-6176 | High | 7.5 | | < 2.13.3-2.1 | 2.13.3-2.1 | Oct 31, 2025 | Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less |
| CVE-2024-1968 | — | | | < 2.11.2-1.1 | 2.11.2-1.1 | May 20, 2024 | In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization |
| CVE-2021-41125 | — | | | < 2.5.1-1.1 | 2.5.1-1.1 | Oct 6, 2021 | Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generat |