Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-8wu8-qh8m-7ubm
Vulnerability ID VCID-8wu8-qh8m-7ubm
Aliases GHSA-7c9g-vj9m-8pm6
Summary Duplicate Advisory: ReDos vulnerability of XMLFeedSpider ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cc65-xxvf-f7r9. This link is maintained to preserve external references. ## Original Description Parts of the Scrapy API were found to be vulnerable to a ReDoS attack. Handling a malicious response could cause extreme CPU and memory usage during the parsing of its content, due to the use of vulnerable regular expressions for that parsing.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-1333 Inefficient Regular Expression Complexity
System Score Found at
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-7c9g-vj9m-8pm6
cvssv3.1 7.5 https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5
generic_textual HIGH https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5
cvssv3.1 7.5 https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b
generic_textual HIGH https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-1892
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-1892
Reference id Reference type URL
https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5
https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b
https://nvd.nist.gov/vuln/detail/CVE-2024-1892
GHSA-7c9g-vj9m-8pm6 https://github.com/advisories/GHSA-7c9g-vj9m-8pm6
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-1892
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-04-01T12:50:31.786193+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-7c9g-vj9m-8pm6/GHSA-7c9g-vj9m-8pm6.json 38.0.0