All the vulnerabilites related to scrapy - scrapy/scrapy
cve-2022-0577
Vulnerability from cvelistv5
Published
2022-03-02 04:05
Modified
2024-08-02 23:32
Severity ?
EPSS score ?
Summary
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585 | x_refsource_CONFIRM | |
https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | scrapy | scrapy/scrapy |
Version: unspecified < 2.6.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.259Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a" }, { "name": "[debian-lts-announce] 20220316 [SECURITY] [DLA 2950-1] python-scrapy security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "scrapy/scrapy", "vendor": "scrapy", "versions": [ { "lessThan": "2.6.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-16T13:06:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a" }, { "name": "[debian-lts-announce] 20220316 [SECURITY] [DLA 2950-1] python-scrapy security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html" } ], "source": { "advisory": "3da527b1-2348-4f69-9e88-2e11a96ac585", "discovery": "EXTERNAL" }, "title": "Exposure of Sensitive Information to an Unauthorized Actor in scrapy/scrapy", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0577", "STATE": "PUBLIC", "TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in scrapy/scrapy" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "scrapy/scrapy", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.6.1" } ] } } ] }, "vendor_name": "scrapy" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585" }, { "name": "https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a", "refsource": "MISC", "url": "https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a" }, { "name": "[debian-lts-announce] 20220316 [SECURITY] [DLA 2950-1] python-scrapy security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html" } ] }, "source": { "advisory": "3da527b1-2348-4f69-9e88-2e11a96ac585", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0577", "datePublished": "2022-03-02T04:05:10", "dateReserved": "2022-02-13T00:00:00", "dateUpdated": "2024-08-02T23:32:46.259Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1892
Vulnerability from cvelistv5
Published
2024-02-28 00:00
Modified
2024-08-11 14:28
Severity ?
EPSS score ?
Summary
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker can cause a denial-of-service (DoS) condition. This vulnerability allows for the system to hang and consume significant resources, potentially rendering services that utilize Scrapy for XML processing unresponsive.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | scrapy | scrapy/scrapy |
Version: unspecified < 2.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:56:22.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b" }, { "tags": [ "x_transferred" ], "url": "https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:scrapy:scrapy:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "scrapy", "vendor": "scrapy", "versions": [ { "lessThan": "2.11", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-1892", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-05T16:44:39.898769Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-11T14:28:49.917Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "scrapy/scrapy", "vendor": "scrapy", "versions": [ { "lessThan": "2.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker can cause a denial-of-service (DoS) condition. This vulnerability allows for the system to hang and consume significant resources, potentially rendering services that utilize Scrapy for XML processing unresponsive." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1333", "description": "CWE-1333 Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-16T11:10:41.338Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b" }, { "url": "https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5" } ], "source": { "advisory": "271f94f2-1e05-4616-ac43-41752389e26b", "discovery": "EXTERNAL" }, "title": "ReDoS Vulnerability in scrapy/scrapy\u0027s XMLFeedSpider" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-1892", "datePublished": "2024-02-28T00:00:14.092Z", "dateReserved": "2024-02-26T15:14:37.251Z", "dateUpdated": "2024-08-11T14:28:49.917Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1968
Vulnerability from cvelistv5
Published
2024-05-20 08:03
Modified
2024-08-01 18:56
Severity ?
EPSS score ?
Summary
In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in cross-origin requests when the scheme, host, or port changes. Consequently, when a redirect downgrades from HTTPS to HTTP, the Authorization header may be inadvertently exposed in plaintext, leading to potential sensitive information disclosure to unauthorized actors. The flaw is located in the _build_redirect_request function of the redirect middleware.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | scrapy | scrapy/scrapy |
Version: unspecified < 2.11.2 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:scrapy:scrapy:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "scrapy", "vendor": "scrapy", "versions": [ { "lessThan": "2.11.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-1968", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-18T20:26:27.498015Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-18T20:29:26.848Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:56:22.474Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a" }, { "tags": [ "x_transferred" ], "url": "https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "scrapy/scrapy", "vendor": "scrapy", "versions": [ { "lessThan": "2.11.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in cross-origin requests when the scheme, host, or port changes. Consequently, when a redirect downgrades from HTTPS to HTTP, the Authorization header may be inadvertently exposed in plaintext, leading to potential sensitive information disclosure to unauthorized actors. The flaw is located in the _build_redirect_request function of the redirect middleware." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-20T08:03:43.129Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a" }, { "url": "https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8" } ], "source": { "advisory": "27f6a021-a891-446a-ada5-0226d619dd1a", "discovery": "EXTERNAL" }, "title": "Authorization Header Leakage in scrapy/scrapy on Scheme Change Redirects" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-1968", "datePublished": "2024-05-20T08:03:43.129Z", "dateReserved": "2024-02-28T11:17:28.937Z", "dateUpdated": "2024-08-01T18:56:22.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-3572
Vulnerability from cvelistv5
Published
2024-04-16 00:00
Modified
2024-08-01 20:12
Severity ?
EPSS score ?
Summary
The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, or circumvent firewalls by submitting specially crafted XML data.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | scrapy | scrapy/scrapy |
Version: unspecified < 2.11.1 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:scrapy:scrapy:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "scrapy", "vendor": "scrapy", "versions": [ { "lessThan": "2.11.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-3572", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-18T15:21:44.587736Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-03T15:50:19.103Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:12:07.961Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb" }, { "tags": [ "x_transferred" ], "url": "https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "scrapy/scrapy", "vendor": "scrapy", "versions": [ { "lessThan": "2.11.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, or circumvent firewalls by submitting specially crafted XML data. " } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-409", "description": "CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-16T11:10:55.785Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb" }, { "url": "https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f" } ], "source": { "advisory": "c4a0fac9-0c5a-4718-9ee4-2d06d58adabb", "discovery": "EXTERNAL" }, "title": "XML External Entity (XXE) Vulnerability in scrapy/scrapy" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-3572", "datePublished": "2024-04-16T00:00:14.499Z", "dateReserved": "2024-04-10T09:54:09.923Z", "dateUpdated": "2024-08-01T20:12:07.961Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-3574
Vulnerability from cvelistv5
Published
2024-04-16 00:00
Modified
2024-08-01 20:12
Severity ?
EPSS score ?
Summary
In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | scrapy | scrapy/scrapy |
Version: unspecified < 2.11.1 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:scrapy:scrapy:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "scrapy", "vendor": "scrapy", "versions": [ { "lessThan": "2.11.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-3574", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-18T15:23:27.914402Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-03T15:46:57.275Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:12:08.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9" }, { "tags": [ "x_transferred" ], "url": "https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "scrapy/scrapy", "vendor": "scrapy", "versions": [ { "lessThan": "2.11.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-16T11:10:56.646Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9" }, { "url": "https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75" } ], "source": { "advisory": "49974321-2718-43e3-a152-62b16eed72a9", "discovery": "EXTERNAL" }, "title": "Authorization Header Leak During Cross-Domain Redirect in scrapy/scrapy" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-3574", "datePublished": "2024-04-16T00:00:15.109Z", "dateReserved": "2024-04-10T09:54:50.274Z", "dateUpdated": "2024-08-01T20:12:08.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }