Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/python-scrapy@2.11.1-1?distro=trixie
Typedeb
Namespacedebian
Namepython-scrapy
Version2.11.1-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.11.2-1
Latest_non_vulnerable_version2.14.2-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-385b-344t-23es
vulnerability_id VCID-385b-344t-23es
summary 
Scrapy decompression bomb vulnerability
### Impact

Scrapy limits allowed response sizes by default through the [`DOWNLOAD_MAXSIZE`](https://docs.scrapy.org/en/latest/topics/settings.html#download-maxsize) and [`DOWNLOAD_WARNSIZE`](https://docs.scrapy.org/en/latest/topics/settings.html#download-warnsize) settings.

However, those limits were only being enforced during the download of the raw, usually-compressed response bodies, and not during decompression, making Scrapy vulnerable to [decompression bombs](https://cwe.mitre.org/data/definitions/409.html).

A malicious website being scraped could send a small response that, on decompression, could exhaust the memory available to the Scrapy process, potentially affecting any other process sharing that memory, and affecting disk usage in case of uncompressed response caching.

### Patches

Upgrade to Scrapy 2.11.1.

If you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.11.1 is not an option, you may upgrade to Scrapy 1.8.4 instead.

### Workarounds

There is no easy workaround.

Disabling HTTP decompression altogether is impractical, as HTTP compression is a rather common practice.

However, it is technically possible to manually backport the 2.11.1 or 1.8.4 fix, replacing the corresponding components of an unpatched version of Scrapy with patched versions copied into your own code.

### Acknowledgements

This security issue was reported by @dmandefy  [through huntr.com](https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb/).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-3572
reference_id
reference_type
scores
0
value 0.00157
scoring_system epss
scoring_elements 0.36675
published_at 2026-04-04T12:55:00Z
1
value 0.00157
scoring_system epss
scoring_elements 0.36243
published_at 2026-04-26T12:55:00Z
2
value 0.00157
scoring_system epss
scoring_elements 0.36274
published_at 2026-04-24T12:55:00Z
3
value 0.00157
scoring_system epss
scoring_elements 0.36503
published_at 2026-04-21T12:55:00Z
4
value 0.00157
scoring_system epss
scoring_elements 0.36559
published_at 2026-04-18T12:55:00Z
5
value 0.00157
scoring_system epss
scoring_elements 0.36576
published_at 2026-04-16T12:55:00Z
6
value 0.00157
scoring_system epss
scoring_elements 0.36532
published_at 2026-04-13T12:55:00Z
7
value 0.00157
scoring_system epss
scoring_elements 0.36556
published_at 2026-04-12T12:55:00Z
8
value 0.00157
scoring_system epss
scoring_elements 0.3659
published_at 2026-04-11T12:55:00Z
9
value 0.00157
scoring_system epss
scoring_elements 0.36584
published_at 2026-04-09T12:55:00Z
10
value 0.00157
scoring_system epss
scoring_elements 0.36565
published_at 2026-04-08T12:55:00Z
11
value 0.00157
scoring_system epss
scoring_elements 0.36513
published_at 2026-04-07T12:55:00Z
12
value 0.00157
scoring_system epss
scoring_elements 0.36643
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-3572
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3572
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3572
2
reference_url https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14
3
reference_url https://github.com/scrapy/scrapy
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/scrapy/scrapy
4
reference_url https://github.com/scrapy/scrapy/commit/71b8741e3607cfda2833c7624d4ada87071aa8e5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/scrapy/scrapy/commit/71b8741e3607cfda2833c7624d4ada87071aa8e5
5
reference_url https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:21:44Z/
url https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f
6
reference_url https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7
7
reference_url https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:21:44Z/
url https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3572
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-3572
9
reference_url https://github.com/advisories/GHSA-7j7m-v7m3-jqm7
reference_id GHSA-7j7m-v7m3-jqm7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7j7m-v7m3-jqm7
10
reference_url https://usn.ubuntu.com/7476-1/
reference_id USN-7476-1
reference_type
scores
url https://usn.ubuntu.com/7476-1/
fixed_packages
0
url pkg:deb/debian/python-scrapy@2.11.1-1?distro=trixie
purl pkg:deb/debian/python-scrapy@2.11.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.11.1-1%3Fdistro=trixie
1
url pkg:deb/debian/python-scrapy@2.12.0-2?distro=trixie
purl pkg:deb/debian/python-scrapy@2.12.0-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dc1m-rt7j-w3af
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.12.0-2%3Fdistro=trixie
2
url pkg:deb/debian/python-scrapy@2.14.2-1?distro=trixie
purl pkg:deb/debian/python-scrapy@2.14.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.14.2-1%3Fdistro=trixie
aliases CVE-2024-3572, GHSA-7j7m-v7m3-jqm7, GMS-2024-327
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-385b-344t-23es
1
url VCID-64nx-aruy-q7gy
vulnerability_id VCID-64nx-aruy-q7gy
summary A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker can cause a denial-of-service (DoS) condition. This vulnerability allows for the system to hang and consume significant resources, potentially rendering services that utilize Scrapy for XML processing unresponsive.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-1892
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18259
published_at 2026-04-11T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.1804
published_at 2026-04-26T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18063
published_at 2026-04-24T12:55:00Z
3
value 0.00058
scoring_system epss
scoring_elements 0.1815
published_at 2026-04-21T12:55:00Z
4
value 0.00058
scoring_system epss
scoring_elements 0.18106
published_at 2026-04-16T12:55:00Z
5
value 0.00058
scoring_system epss
scoring_elements 0.18161
published_at 2026-04-13T12:55:00Z
6
value 0.00058
scoring_system epss
scoring_elements 0.18213
published_at 2026-04-12T12:55:00Z
7
value 0.00058
scoring_system epss
scoring_elements 0.1836
published_at 2026-04-02T12:55:00Z
8
value 0.00058
scoring_system epss
scoring_elements 0.18415
published_at 2026-04-04T12:55:00Z
9
value 0.00058
scoring_system epss
scoring_elements 0.18118
published_at 2026-04-18T12:55:00Z
10
value 0.00058
scoring_system epss
scoring_elements 0.18203
published_at 2026-04-08T12:55:00Z
11
value 0.00058
scoring_system epss
scoring_elements 0.18257
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-1892
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1892
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1892
2
reference_url https://docs.scrapy.org/en/latest/news.html#scrapy-1-8-4-2024-02-14
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.scrapy.org/en/latest/news.html#scrapy-1-8-4-2024-02-14
3
reference_url https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2024-162.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2024-162.yaml
5
reference_url https://github.com/scrapy/scrapy
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/scrapy/scrapy
6
reference_url https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T16:44:39Z/
url https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5
7
reference_url https://github.com/scrapy/scrapy/commit/73e7c0ed011a0565a1584b8052ec757b54e5270b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/scrapy/scrapy/commit/73e7c0ed011a0565a1584b8052ec757b54e5270b
8
reference_url https://github.com/scrapy/scrapy/security/advisories/GHSA-cc65-xxvf-f7r9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/scrapy/scrapy/security/advisories/GHSA-cc65-xxvf-f7r9
9
reference_url https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T16:44:39Z/
url https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065111
reference_id 1065111
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065111
11
reference_url https://github.com/advisories/GHSA-cc65-xxvf-f7r9
reference_id GHSA-cc65-xxvf-f7r9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cc65-xxvf-f7r9
12
reference_url https://usn.ubuntu.com/7476-1/
reference_id USN-7476-1
reference_type
scores
url https://usn.ubuntu.com/7476-1/
fixed_packages
0
url pkg:deb/debian/python-scrapy@2.11.1-1?distro=trixie
purl pkg:deb/debian/python-scrapy@2.11.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.11.1-1%3Fdistro=trixie
1
url pkg:deb/debian/python-scrapy@2.12.0-2?distro=trixie
purl pkg:deb/debian/python-scrapy@2.12.0-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dc1m-rt7j-w3af
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.12.0-2%3Fdistro=trixie
2
url pkg:deb/debian/python-scrapy@2.14.2-1?distro=trixie
purl pkg:deb/debian/python-scrapy@2.14.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.14.2-1%3Fdistro=trixie
aliases CVE-2024-1892, GHSA-cc65-xxvf-f7r9, GMS-2024-287, PYSEC-2024-162
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-64nx-aruy-q7gy
2
url VCID-kgf5-wu3r-pqc6
vulnerability_id VCID-kgf5-wu3r-pqc6
summary 
Scrapy authorization header leakage on cross-domain redirect
### Impact

When you send a request with the `Authorization` header to one domain, and the response asks to redirect to a different domain, Scrapy’s built-in redirect middleware creates a follow-up redirect request that keeps the original `Authorization` header, leaking its content to that second domain.

The [right behavior](https://fetch.spec.whatwg.org/#ref-for-cors-non-wildcard-request-header-name) would be to drop the `Authorization` header instead, in this scenario.

### Patches

Upgrade to Scrapy 2.11.1.

If you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.11.1 is not an option, you may upgrade to Scrapy 1.8.4 instead.

### Workarounds

If you cannot upgrade, make sure that you are not using the `Authentication` header, either directly or through some third-party plugin.

If you need to use that header in some requests, add `"dont_redirect": True` to the `request.meta` dictionary of those requests to disable following redirects for them.

If you need to keep (same domain) redirect support on those requests, make sure you trust the target website not to redirect your requests to a different domain.

### Acknowledgements

This security issue was reported by @ranjit-git  [through huntr.com](https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9/).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-3574
reference_id
reference_type
scores
0
value 0.00121
scoring_system epss
scoring_elements 0.31352
published_at 2026-04-04T12:55:00Z
1
value 0.00121
scoring_system epss
scoring_elements 0.31225
published_at 2026-04-08T12:55:00Z
2
value 0.00121
scoring_system epss
scoring_elements 0.31172
published_at 2026-04-13T12:55:00Z
3
value 0.00121
scoring_system epss
scoring_elements 0.31311
published_at 2026-04-02T12:55:00Z
4
value 0.00121
scoring_system epss
scoring_elements 0.30875
published_at 2026-04-26T12:55:00Z
5
value 0.00121
scoring_system epss
scoring_elements 0.30996
published_at 2026-04-24T12:55:00Z
6
value 0.00121
scoring_system epss
scoring_elements 0.31157
published_at 2026-04-21T12:55:00Z
7
value 0.00121
scoring_system epss
scoring_elements 0.31187
published_at 2026-04-18T12:55:00Z
8
value 0.00121
scoring_system epss
scoring_elements 0.31206
published_at 2026-04-16T12:55:00Z
9
value 0.00121
scoring_system epss
scoring_elements 0.31216
published_at 2026-04-12T12:55:00Z
10
value 0.00121
scoring_system epss
scoring_elements 0.31259
published_at 2026-04-11T12:55:00Z
11
value 0.00121
scoring_system epss
scoring_elements 0.31255
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-3574
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3574
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3574
2
reference_url https://github.com/scrapy/scrapy
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/scrapy/scrapy
3
reference_url https://github.com/scrapy/scrapy/commit/ee7bd9d217fc126063575d5649f00bdeeca2faae
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/scrapy/scrapy/commit/ee7bd9d217fc126063575d5649f00bdeeca2faae
4
reference_url https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv
5
reference_url https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:23:27Z/
url https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3574
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-3574
7
reference_url https://usn.ubuntu.com/7476-1/
reference_id USN-7476-1
reference_type
scores
url https://usn.ubuntu.com/7476-1/
fixed_packages
0
url pkg:deb/debian/python-scrapy@2.11.1-1?distro=trixie
purl pkg:deb/debian/python-scrapy@2.11.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.11.1-1%3Fdistro=trixie
1
url pkg:deb/debian/python-scrapy@2.12.0-2?distro=trixie
purl pkg:deb/debian/python-scrapy@2.12.0-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dc1m-rt7j-w3af
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.12.0-2%3Fdistro=trixie
2
url pkg:deb/debian/python-scrapy@2.14.2-1?distro=trixie
purl pkg:deb/debian/python-scrapy@2.14.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.14.2-1%3Fdistro=trixie
aliases CVE-2024-3574, GHSA-cw9j-q3vf-hrrv, GMS-2024-288
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kgf5-wu3r-pqc6
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.11.1-1%3Fdistro=trixie