{"url":"http://public2.vulnerablecode.io/api/packages/66600?format=json","purl":"pkg:pypi/scrapy@1.0.1","type":"pypi","namespace":"","name":"scrapy","version":"1.0.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.14.2","latest_non_vulnerable_version":"2.14.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211895?format=json","vulnerability_id":"VCID-1cdj-272n-qfgu","summary":"Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1968","reference_id":"CVE-2024-1968","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1968"},{"reference_url":"https://github.com/advisories/GHSA-cg34-w3fm-82h3","reference_id":"GHSA-cg34-w3fm-82h3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cg34-w3fm-82h3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31063?format=json","purl":"pkg:pypi/scrapy@2.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9dkx-sw7r-jkhz"},{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.2"}],"aliases":["GHSA-cg34-w3fm-82h3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1cdj-272n-qfgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/197544?format=json","vulnerability_id":"VCID-2562-r6m9-jbfw","summary":"information disclosure","references":[{"reference_url":"http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41125","reference_id":"","reference_type":"","scores":[{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48767","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48903","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41125"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2021-363.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2021-363.yaml"},{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/commit/b01d69a1bf48060daec8f751368622352d8b85a6","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/commit/b01d69a1bf48060daec8f751368622352d8b85a6"},{"reference_url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41125","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41125"},{"reference_url":"https://w3lib.readthedocs.io/en/latest/w3lib.html#w3lib.http.basic_auth_header","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://w3lib.readthedocs.io/en/latest/w3lib.html#w3lib.http.basic_auth_header"},{"reference_url":"https://security.archlinux.org/AVG-2447","reference_id":"AVG-2447","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2447"},{"reference_url":"https://github.com/advisories/GHSA-jwqp-28gf-p498","reference_id":"GHSA-jwqp-28gf-p498","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jwqp-28gf-p498"},{"reference_url":"https://usn.ubuntu.com/7476-1/","reference_id":"USN-7476-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7476-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66643?format=json","purl":"pkg:pypi/scrapy@1.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cdj-272n-qfgu"},{"vulnerability":"VCID-9dkx-sw7r-jkhz"},{"vulnerability":"VCID-a9vb-7v47-ybdc"},{"vulnerability":"VCID-atbn-f4xt-7fdr"},{"vulnerability":"VCID-ez8c-3cp8-dkd9"},{"vulnerability":"VCID-nkga-85ed-73d1"},{"vulnerability":"VCID-q9yh-76fr-ebb1"},{"vulnerability":"VCID-sbyb-vfh4-23fn"},{"vulnerability":"VCID-u15g-aqdp-nkgm"},{"vulnerability":"VCID-v4cu-4n5q-wfhj"},{"vulnerability":"VCID-xjb6-86c9-3bh4"},{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/66644?format=json","purl":"pkg:pypi/scrapy@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cdj-272n-qfgu"},{"vulnerability":"VCID-9dkx-sw7r-jkhz"},{"vulnerability":"VCID-a9vb-7v47-ybdc"},{"vulnerability":"VCID-atbn-f4xt-7fdr"},{"vulnerability":"VCID-ez8c-3cp8-dkd9"},{"vulnerability":"VCID-nkga-85ed-73d1"},{"vulnerability":"VCID-q9yh-76fr-ebb1"},{"vulnerability":"VCID-sbyb-vfh4-23fn"},{"vulnerability":"VCID-u15g-aqdp-nkgm"},{"vulnerability":"VCID-v4cu-4n5q-wfhj"},{"vulnerability":"VCID-xjb6-86c9-3bh4"},{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.5.1"}],"aliases":["CVE-2021-41125","GHSA-jwqp-28gf-p498","PYSEC-2021-363"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2562-r6m9-jbfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111274?format=json","vulnerability_id":"VCID-9dkx-sw7r-jkhz","summary":"Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6176","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10618","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10559","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176"},{"reference_url":"https://github.com/google/brotli","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/brotli"},{"reference_url":"https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da"},{"reference_url":"https://github.com/scrapy/scrapy/pull/7134","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/pull/7134"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2408762","reference_id":"2408762","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2408762"},{"reference_url":"https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0","reference_id":"2c26a886-5984-47ee-a421-0d5fe1344eb0","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-31T16:15:58Z/"}],"url":"https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6176","reference_id":"CVE-2025-6176","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6176"},{"reference_url":"https://github.com/advisories/GHSA-2qfp-q593-8484","reference_id":"GHSA-2qfp-q593-8484","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qfp-q593-8484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0008","reference_id":"RHSA-2026:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0845","reference_id":"RHSA-2026:0845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2042","reference_id":"RHSA-2026:2042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2226","reference_id":"RHSA-2026:2226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2227","reference_id":"RHSA-2026:2227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2228","reference_id":"RHSA-2026:2228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2229","reference_id":"RHSA-2026:2229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2389","reference_id":"RHSA-2026:2389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2399","reference_id":"RHSA-2026:2399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2400","reference_id":"RHSA-2026:2400","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2401","reference_id":"RHSA-2026:2401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2455","reference_id":"RHSA-2026:2455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2737","reference_id":"RHSA-2026:2737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2800","reference_id":"RHSA-2026:2800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2844","reference_id":"RHSA-2026:2844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2974","reference_id":"RHSA-2026:2974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2974"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2976","reference_id":"RHSA-2026:2976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3392","reference_id":"RHSA-2026:3392","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3392"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3406","reference_id":"RHSA-2026:3406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3406"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3415","reference_id":"RHSA-2026:3415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3417","reference_id":"RHSA-2026:3417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3861","reference_id":"RHSA-2026:3861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4419","reference_id":"RHSA-2026:4419","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4419"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4465","reference_id":"RHSA-2026:4465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5970","reference_id":"RHSA-2026:5970","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5970"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5971","reference_id":"RHSA-2026:5971","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5971"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34940?format=json","purl":"pkg:pypi/scrapy@2.13.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.13.4"}],"aliases":["CVE-2025-6176","GHSA-2qfp-q593-8484"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9dkx-sw7r-jkhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208316?format=json","vulnerability_id":"VCID-a9vb-7v47-ybdc","summary":"Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0577","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43449","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43605","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0577"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2022-159.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2022-159.yaml"},{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a"},{"reference_url":"https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008234","reference_id":"1008234","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008234"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0577","reference_id":"CVE-2022-0577","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0577"},{"reference_url":"https://github.com/advisories/GHSA-cjvr-mfj7-j4j8","reference_id":"GHSA-cjvr-mfj7-j4j8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cjvr-mfj7-j4j8"},{"reference_url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-cjvr-mfj7-j4j8","reference_id":"GHSA-cjvr-mfj7-j4j8","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-cjvr-mfj7-j4j8"},{"reference_url":"https://usn.ubuntu.com/7476-1/","reference_id":"USN-7476-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7476-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19537?format=json","purl":"pkg:pypi/scrapy@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cdj-272n-qfgu"},{"vulnerability":"VCID-9dkx-sw7r-jkhz"},{"vulnerability":"VCID-a9vb-7v47-ybdc"},{"vulnerability":"VCID-atbn-f4xt-7fdr"},{"vulnerability":"VCID-nkga-85ed-73d1"},{"vulnerability":"VCID-q9yh-76fr-ebb1"},{"vulnerability":"VCID-sbyb-vfh4-23fn"},{"vulnerability":"VCID-u15g-aqdp-nkgm"},{"vulnerability":"VCID-v4cu-4n5q-wfhj"},{"vulnerability":"VCID-xjb6-86c9-3bh4"},{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/19536?format=json","purl":"pkg:pypi/scrapy@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cdj-272n-qfgu"},{"vulnerability":"VCID-9dkx-sw7r-jkhz"},{"vulnerability":"VCID-atbn-f4xt-7fdr"},{"vulnerability":"VCID-nkga-85ed-73d1"},{"vulnerability":"VCID-q9yh-76fr-ebb1"},{"vulnerability":"VCID-sbyb-vfh4-23fn"},{"vulnerability":"VCID-u15g-aqdp-nkgm"},{"vulnerability":"VCID-v4cu-4n5q-wfhj"},{"vulnerability":"VCID-xjb6-86c9-3bh4"},{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.6.1"}],"aliases":["CVE-2022-0577","GHSA-cjvr-mfj7-j4j8","PYSEC-2022-159"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a9vb-7v47-ybdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211768?format=json","vulnerability_id":"VCID-atbn-f4xt-7fdr","summary":"Scrapy allows redirect following in protocols other than HTTP","references":[{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/commit/36287cb665ab4b0c65fd53181c9a0ef04990ada6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/commit/36287cb665ab4b0c65fd53181c9a0ef04990ada6"},{"reference_url":"https://github.com/scrapy/scrapy/issues/457","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/issues/457"},{"reference_url":"https://github.com/advisories/GHSA-23j4-mw76-5v7h","reference_id":"GHSA-23j4-mw76-5v7h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-23j4-mw76-5v7h"},{"reference_url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-23j4-mw76-5v7h","reference_id":"GHSA-23j4-mw76-5v7h","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-23j4-mw76-5v7h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31063?format=json","purl":"pkg:pypi/scrapy@2.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9dkx-sw7r-jkhz"},{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.2"}],"aliases":["GHSA-23j4-mw76-5v7h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atbn-f4xt-7fdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208319?format=json","vulnerability_id":"VCID-ez8c-3cp8-dkd9","summary":"Scrapy cookie-setting is not restricted based on the public suffix list","references":[{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/commit/e865c4430e58a4faa0e0766b23830f8423d6167a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/commit/e865c4430e58a4faa0e0766b23830f8423d6167a"},{"reference_url":"https://github.com/advisories/GHSA-mfjm-vh54-3f96","reference_id":"GHSA-mfjm-vh54-3f96","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mfjm-vh54-3f96"},{"reference_url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-mfjm-vh54-3f96","reference_id":"GHSA-mfjm-vh54-3f96","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-mfjm-vh54-3f96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19537?format=json","purl":"pkg:pypi/scrapy@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cdj-272n-qfgu"},{"vulnerability":"VCID-9dkx-sw7r-jkhz"},{"vulnerability":"VCID-a9vb-7v47-ybdc"},{"vulnerability":"VCID-atbn-f4xt-7fdr"},{"vulnerability":"VCID-nkga-85ed-73d1"},{"vulnerability":"VCID-q9yh-76fr-ebb1"},{"vulnerability":"VCID-sbyb-vfh4-23fn"},{"vulnerability":"VCID-u15g-aqdp-nkgm"},{"vulnerability":"VCID-v4cu-4n5q-wfhj"},{"vulnerability":"VCID-xjb6-86c9-3bh4"},{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/19538?format=json","purl":"pkg:pypi/scrapy@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cdj-272n-qfgu"},{"vulnerability":"VCID-9dkx-sw7r-jkhz"},{"vulnerability":"VCID-a9vb-7v47-ybdc"},{"vulnerability":"VCID-atbn-f4xt-7fdr"},{"vulnerability":"VCID-nkga-85ed-73d1"},{"vulnerability":"VCID-q9yh-76fr-ebb1"},{"vulnerability":"VCID-sbyb-vfh4-23fn"},{"vulnerability":"VCID-u15g-aqdp-nkgm"},{"vulnerability":"VCID-v4cu-4n5q-wfhj"},{"vulnerability":"VCID-xjb6-86c9-3bh4"},{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.6.0"}],"aliases":["GHSA-mfjm-vh54-3f96","GMS-2022-230"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ez8c-3cp8-dkd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54742?format=json","vulnerability_id":"VCID-nkga-85ed-73d1","summary":"A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker can cause a denial-of-service (DoS) condition. This vulnerability allows for the system to hang and consume significant resources, potentially rendering services that utilize Scrapy for XML processing unresponsive.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1892","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18636","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18474","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1892"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1892","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1892"},{"reference_url":"https://docs.scrapy.org/en/latest/news.html#scrapy-1-8-4-2024-02-14","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.scrapy.org/en/latest/news.html#scrapy-1-8-4-2024-02-14"},{"reference_url":"https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2024-162.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2024-162.yaml"},{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/commit/73e7c0ed011a0565a1584b8052ec757b54e5270b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/commit/73e7c0ed011a0565a1584b8052ec757b54e5270b"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065111","reference_id":"1065111","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065111"},{"reference_url":"https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b","reference_id":"271f94f2-1e05-4616-ac43-41752389e26b","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T16:44:39Z/"}],"url":"https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b"},{"reference_url":"https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5","reference_id":"479619b340f197a8f24c5db45bc068fb8755f2c5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T16:44:39Z/"}],"url":"https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1892","reference_id":"CVE-2024-1892","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1892"},{"reference_url":"https://github.com/advisories/GHSA-cc65-xxvf-f7r9","reference_id":"GHSA-cc65-xxvf-f7r9","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cc65-xxvf-f7r9"},{"reference_url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-cc65-xxvf-f7r9","reference_id":"GHSA-cc65-xxvf-f7r9","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-cc65-xxvf-f7r9"},{"reference_url":"https://usn.ubuntu.com/7476-1/","reference_id":"USN-7476-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7476-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29048?format=json","purl":"pkg:pypi/scrapy@1.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cdj-272n-qfgu"},{"vulnerability":"VCID-9dkx-sw7r-jkhz"},{"vulnerability":"VCID-a9vb-7v47-ybdc"},{"vulnerability":"VCID-atbn-f4xt-7fdr"},{"vulnerability":"VCID-nkga-85ed-73d1"},{"vulnerability":"VCID-u15g-aqdp-nkgm"},{"vulnerability":"VCID-xjb6-86c9-3bh4"},{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/29050?format=json","purl":"pkg:pypi/scrapy@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cdj-272n-qfgu"},{"vulnerability":"VCID-9dkx-sw7r-jkhz"},{"vulnerability":"VCID-atbn-f4xt-7fdr"},{"vulnerability":"VCID-u15g-aqdp-nkgm"},{"vulnerability":"VCID-xjb6-86c9-3bh4"},{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.1"}],"aliases":["CVE-2024-1892","GHSA-cc65-xxvf-f7r9","GMS-2024-287","PYSEC-2024-162"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nkga-85ed-73d1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204882?format=json","vulnerability_id":"VCID-q9yh-76fr-ebb1","summary":"Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.","references":[{"reference_url":"http://blog.csdn.net/wangtua/article/details/75228728","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.csdn.net/wangtua/article/details/75228728"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14158","reference_id":"","reference_type":"","scores":[{"value":"0.01495","scoring_system":"epss","scoring_elements":"0.81485","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01495","scoring_system":"epss","scoring_elements":"0.81545","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14158"},{"reference_url":"https://github.com/advisories/GHSA-h7wm-ph43-c39p","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h7wm-ph43-c39p"},{"reference_url":"https://github.com/pypa/advisory-database/blob/8b7a4d62a95e8f605e5dfb4e0b4f299e6403dc12/vulns/scrapy/PYSEC-2017-83.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/blob/8b7a4d62a95e8f605e5dfb4e0b4f299e6403dc12/vulns/scrapy/PYSEC-2017-83.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2017-83.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2017-83.yaml"},{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/issues/482","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/issues/482"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14158","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14158"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875947","reference_id":"875947","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875947"}],"fixed_packages":[],"aliases":["CVE-2017-14158","GHSA-h7wm-ph43-c39p","PYSEC-2017-83"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q9yh-76fr-ebb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64686?format=json","vulnerability_id":"VCID-sbyb-vfh4-23fn","summary":"The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, or circumvent firewalls by submitting specially crafted XML data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3572","reference_id":"","reference_type":"","scores":[{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36781","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.3696","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3572"},{"reference_url":"https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14"},{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/commit/71b8741e3607cfda2833c7624d4ada87071aa8e5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/commit/71b8741e3607cfda2833c7624d4ada87071aa8e5"},{"reference_url":"https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f","reference_id":"809bfac4890f75fc73607318a04d2ccba71b3d9f","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:21:44Z/"}],"url":"https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f"},{"reference_url":"https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb","reference_id":"c4a0fac9-0c5a-4718-9ee4-2d06d58adabb","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:21:44Z/"}],"url":"https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3572","reference_id":"CVE-2024-3572","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3572"},{"reference_url":"https://github.com/advisories/GHSA-7j7m-v7m3-jqm7","reference_id":"GHSA-7j7m-v7m3-jqm7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7j7m-v7m3-jqm7"},{"reference_url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7","reference_id":"GHSA-7j7m-v7m3-jqm7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7"},{"reference_url":"https://usn.ubuntu.com/7476-1/","reference_id":"USN-7476-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7476-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29048?format=json","purl":"pkg:pypi/scrapy@1.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cdj-272n-qfgu"},{"vulnerability":"VCID-9dkx-sw7r-jkhz"},{"vulnerability":"VCID-a9vb-7v47-ybdc"},{"vulnerability":"VCID-atbn-f4xt-7fdr"},{"vulnerability":"VCID-nkga-85ed-73d1"},{"vulnerability":"VCID-u15g-aqdp-nkgm"},{"vulnerability":"VCID-xjb6-86c9-3bh4"},{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/29050?format=json","purl":"pkg:pypi/scrapy@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cdj-272n-qfgu"},{"vulnerability":"VCID-9dkx-sw7r-jkhz"},{"vulnerability":"VCID-atbn-f4xt-7fdr"},{"vulnerability":"VCID-u15g-aqdp-nkgm"},{"vulnerability":"VCID-xjb6-86c9-3bh4"},{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.1"}],"aliases":["CVE-2024-3572","GHSA-7j7m-v7m3-jqm7","GMS-2024-327"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sbyb-vfh4-23fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211767?format=json","vulnerability_id":"VCID-u15g-aqdp-nkgm","summary":"Scrapy's redirects ignoring scheme-specific proxy settings","references":[{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/issues/767","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/issues/767"},{"reference_url":"https://github.com/advisories/GHSA-jm3v-qxmh-hxwv","reference_id":"GHSA-jm3v-qxmh-hxwv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jm3v-qxmh-hxwv"},{"reference_url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-jm3v-qxmh-hxwv","reference_id":"GHSA-jm3v-qxmh-hxwv","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-jm3v-qxmh-hxwv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31063?format=json","purl":"pkg:pypi/scrapy@2.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9dkx-sw7r-jkhz"},{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.2"}],"aliases":["GHSA-jm3v-qxmh-hxwv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u15g-aqdp-nkgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64477?format=json","vulnerability_id":"VCID-v4cu-4n5q-wfhj","summary":"In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3574","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30746","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30944","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3574"},{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/commit/ee7bd9d217fc126063575d5649f00bdeeca2faae","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/commit/ee7bd9d217fc126063575d5649f00bdeeca2faae"},{"reference_url":"https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9","reference_id":"49974321-2718-43e3-a152-62b16eed72a9","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:23:27Z/"}],"url":"https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9"},{"reference_url":"https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75","reference_id":"5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:23:27Z/"}],"url":"https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3574","reference_id":"CVE-2024-3574","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3574"},{"reference_url":"https://github.com/advisories/GHSA-cw9j-q3vf-hrrv","reference_id":"GHSA-cw9j-q3vf-hrrv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cw9j-q3vf-hrrv"},{"reference_url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv","reference_id":"GHSA-cw9j-q3vf-hrrv","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv"},{"reference_url":"https://usn.ubuntu.com/7476-1/","reference_id":"USN-7476-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7476-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29048?format=json","purl":"pkg:pypi/scrapy@1.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cdj-272n-qfgu"},{"vulnerability":"VCID-9dkx-sw7r-jkhz"},{"vulnerability":"VCID-a9vb-7v47-ybdc"},{"vulnerability":"VCID-atbn-f4xt-7fdr"},{"vulnerability":"VCID-nkga-85ed-73d1"},{"vulnerability":"VCID-u15g-aqdp-nkgm"},{"vulnerability":"VCID-xjb6-86c9-3bh4"},{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/29050?format=json","purl":"pkg:pypi/scrapy@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cdj-272n-qfgu"},{"vulnerability":"VCID-9dkx-sw7r-jkhz"},{"vulnerability":"VCID-atbn-f4xt-7fdr"},{"vulnerability":"VCID-u15g-aqdp-nkgm"},{"vulnerability":"VCID-xjb6-86c9-3bh4"},{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.1"}],"aliases":["CVE-2024-3574","GHSA-cw9j-q3vf-hrrv","GMS-2024-288"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v4cu-4n5q-wfhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18134?format=json","vulnerability_id":"VCID-xjb6-86c9-3bh4","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1968","reference_id":"","reference_type":"","scores":[{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40765","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40932","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1968"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1968","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1968"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8","reference_id":"1d0502f25bbe55a22899af915623fda1aaeb9dd8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-18T20:26:27Z/"}],"url":"https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8"},{"reference_url":"https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a","reference_id":"27f6a021-a891-446a-ada5-0226d619dd1a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-18T20:26:27Z/"}],"url":"https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1968","reference_id":"CVE-2024-1968","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1968"},{"reference_url":"https://github.com/advisories/GHSA-4qqq-9vqf-3h3f","reference_id":"GHSA-4qqq-9vqf-3h3f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4qqq-9vqf-3h3f"},{"reference_url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-4qqq-9vqf-3h3f","reference_id":"GHSA-4qqq-9vqf-3h3f","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-4qqq-9vqf-3h3f"},{"reference_url":"https://usn.ubuntu.com/7476-1/","reference_id":"USN-7476-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7476-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19535?format=json","purl":"pkg:pypi/scrapy@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cdj-272n-qfgu"},{"vulnerability":"VCID-2562-r6m9-jbfw"},{"vulnerability":"VCID-9dkx-sw7r-jkhz"},{"vulnerability":"VCID-a9vb-7v47-ybdc"},{"vulnerability":"VCID-atbn-f4xt-7fdr"},{"vulnerability":"VCID-ez8c-3cp8-dkd9"},{"vulnerability":"VCID-nkga-85ed-73d1"},{"vulnerability":"VCID-q9yh-76fr-ebb1"},{"vulnerability":"VCID-sbyb-vfh4-23fn"},{"vulnerability":"VCID-sp4d-d9r7-ekav"},{"vulnerability":"VCID-u15g-aqdp-nkgm"},{"vulnerability":"VCID-v4cu-4n5q-wfhj"},{"vulnerability":"VCID-xjb6-86c9-3bh4"},{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/31063?format=json","purl":"pkg:pypi/scrapy@2.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9dkx-sw7r-jkhz"},{"vulnerability":"VCID-zww5-7cb3-fkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.2"}],"aliases":["CVE-2024-1968","GHSA-4qqq-9vqf-3h3f","PYSEC-2024-258"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xjb6-86c9-3bh4"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.0.1"}