{"url":"http://public2.vulnerablecode.io/api/packages/994524?format=json","purl":"pkg:deb/debian/python-scrapy@2.12.0-2","type":"deb","namespace":"debian","name":"python-scrapy","version":"2.12.0-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.14.2-1","latest_non_vulnerable_version":"2.15.1-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22199?format=json","vulnerability_id":"VCID-dc1m-rt7j-w3af","summary":"Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation\nScrapy versions up to 2.13.3 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression. Mitigation for this vulnerability needs security enhancement added in brotli v1.2.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6176","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08092","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08068","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08008","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08047","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09633","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09719","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09762","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09605","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09795","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09763","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09747","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11087","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176"},{"reference_url":"https://github.com/google/brotli","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/brotli"},{"reference_url":"https://github.com/google/brotli/commit/67d78bc41db1a0d03f2e763497748f2f69946627","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/brotli/commit/67d78bc41db1a0d03f2e763497748f2f69946627"},{"reference_url":"https://github.com/google/brotli/issues/1327","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/brotli/issues/1327"},{"reference_url":"https://github.com/google/brotli/issues/1375","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/brotli/issues/1375"},{"reference_url":"https://github.com/google/brotli/pull/1234","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/brotli/pull/1234"},{"reference_url":"https://github.com/google/brotli/releases/tag/v1.2.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/brotli/releases/tag/v1.2.0"},{"reference_url":"https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da"},{"reference_url":"https://github.com/scrapy/scrapy/pull/7134","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/pull/7134"},{"reference_url":"https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-31T16:15:58Z/"}],"url":"https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2408762","reference_id":"2408762","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2408762"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6176","reference_id":"CVE-2025-6176","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6176"},{"reference_url":"https://github.com/advisories/GHSA-2qfp-q593-8484","reference_id":"GHSA-2qfp-q593-8484","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qfp-q593-8484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0008","reference_id":"RHSA-2026:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0845","reference_id":"RHSA-2026:0845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2042","reference_id":"RHSA-2026:2042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2226","reference_id":"RHSA-2026:2226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2227","reference_id":"RHSA-2026:2227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2228","reference_id":"RHSA-2026:2228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2229","reference_id":"RHSA-2026:2229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2389","reference_id":"RHSA-2026:2389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2399","reference_id":"RHSA-2026:2399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2400","reference_id":"RHSA-2026:2400","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2401","reference_id":"RHSA-2026:2401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2455","reference_id":"RHSA-2026:2455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2737","reference_id":"RHSA-2026:2737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2800","reference_id":"RHSA-2026:2800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2844","reference_id":"RHSA-2026:2844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2974","reference_id":"RHSA-2026:2974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2974"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2976","reference_id":"RHSA-2026:2976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3392","reference_id":"RHSA-2026:3392","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3392"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3406","reference_id":"RHSA-2026:3406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3406"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3415","reference_id":"RHSA-2026:3415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3417","reference_id":"RHSA-2026:3417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3861","reference_id":"RHSA-2026:3861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4419","reference_id":"RHSA-2026:4419","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4419"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4465","reference_id":"RHSA-2026:4465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4465"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026121?format=json","purl":"pkg:deb/debian/python-scrapy@2.14.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.14.2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089410?format=json","purl":"pkg:deb/debian/python-scrapy@2.15.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.15.1-1"}],"aliases":["CVE-2025-6176","GHSA-2qfp-q593-8484"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dc1m-rt7j-w3af"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15210?format=json","vulnerability_id":"VCID-385b-344t-23es","summary":"Scrapy decompression bomb vulnerability\n### Impact\n\nScrapy limits allowed response sizes by default through the [`DOWNLOAD_MAXSIZE`](https://docs.scrapy.org/en/latest/topics/settings.html#download-maxsize) and [`DOWNLOAD_WARNSIZE`](https://docs.scrapy.org/en/latest/topics/settings.html#download-warnsize) settings.\n\nHowever, those limits were only being enforced during the download of the raw, usually-compressed response bodies, and not during decompression, making Scrapy vulnerable to [decompression bombs](https://cwe.mitre.org/data/definitions/409.html).\n\nA malicious website being scraped could send a small response that, on decompression, could exhaust the memory available to the Scrapy process, potentially affecting any other process sharing that memory, and affecting disk usage in case of uncompressed response caching.\n\n### Patches\n\nUpgrade to Scrapy 2.11.1.\n\nIf you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.11.1 is not an option, you may upgrade to Scrapy 1.8.4 instead.\n\n### Workarounds\n\nThere is no easy workaround.\n\nDisabling HTTP decompression altogether is impractical, as HTTP compression is a rather common practice.\n\nHowever, it is technically possible to manually backport the 2.11.1 or 1.8.4 fix, replacing the corresponding components of an unpatched version of Scrapy with patched versions copied into your own code.\n\n### Acknowledgements\n\nThis security issue was reported by @dmandefy  [through huntr.com](https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb/).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3572","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36675","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36157","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36243","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36274","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36503","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36559","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36576","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36532","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36556","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.3659","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36584","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36565","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36513","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36643","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3572"},{"reference_url":"https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14"},{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/commit/71b8741e3607cfda2833c7624d4ada87071aa8e5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/commit/71b8741e3607cfda2833c7624d4ada87071aa8e5"},{"reference_url":"https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:21:44Z/"}],"url":"https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f"},{"reference_url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7"},{"reference_url":"https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:21:44Z/"}],"url":"https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3572","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3572"},{"reference_url":"https://github.com/advisories/GHSA-7j7m-v7m3-jqm7","reference_id":"GHSA-7j7m-v7m3-jqm7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7j7m-v7m3-jqm7"},{"reference_url":"https://usn.ubuntu.com/7476-1/","reference_id":"USN-7476-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7476-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994524?format=json","purl":"pkg:deb/debian/python-scrapy@2.12.0-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dc1m-rt7j-w3af"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.12.0-2"}],"aliases":["CVE-2024-3572","GHSA-7j7m-v7m3-jqm7","GMS-2024-327"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-385b-344t-23es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12569?format=json","vulnerability_id":"VCID-64nx-aruy-q7gy","summary":"A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker can cause a denial-of-service (DoS) condition. This vulnerability allows for the system to hang and consume significant resources, potentially rendering services that utilize Scrapy for XML processing unresponsive.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1892","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18213","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18005","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1804","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18063","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1815","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18106","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18161","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1836","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18415","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18118","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18203","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18257","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18259","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1892"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1892","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1892"},{"reference_url":"https://docs.scrapy.org/en/latest/news.html#scrapy-1-8-4-2024-02-14","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.scrapy.org/en/latest/news.html#scrapy-1-8-4-2024-02-14"},{"reference_url":"https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2024-162.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2024-162.yaml"},{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T16:44:39Z/"}],"url":"https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5"},{"reference_url":"https://github.com/scrapy/scrapy/commit/73e7c0ed011a0565a1584b8052ec757b54e5270b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/commit/73e7c0ed011a0565a1584b8052ec757b54e5270b"},{"reference_url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-cc65-xxvf-f7r9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-cc65-xxvf-f7r9"},{"reference_url":"https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T16:44:39Z/"}],"url":"https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065111","reference_id":"1065111","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065111"},{"reference_url":"https://github.com/advisories/GHSA-cc65-xxvf-f7r9","reference_id":"GHSA-cc65-xxvf-f7r9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cc65-xxvf-f7r9"},{"reference_url":"https://usn.ubuntu.com/7476-1/","reference_id":"USN-7476-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7476-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994524?format=json","purl":"pkg:deb/debian/python-scrapy@2.12.0-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dc1m-rt7j-w3af"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.12.0-2"}],"aliases":["CVE-2024-1892","GHSA-cc65-xxvf-f7r9","GMS-2024-287","PYSEC-2024-162"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64nx-aruy-q7gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15539?format=json","vulnerability_id":"VCID-kgf5-wu3r-pqc6","summary":"Scrapy authorization header leakage on cross-domain redirect\n### Impact\n\nWhen you send a request with the `Authorization` header to one domain, and the response asks to redirect to a different domain, Scrapy’s built-in redirect middleware creates a follow-up redirect request that keeps the original `Authorization` header, leaking its content to that second domain.\n\nThe [right behavior](https://fetch.spec.whatwg.org/#ref-for-cors-non-wildcard-request-header-name) would be to drop the `Authorization` header instead, in this scenario.\n\n### Patches\n\nUpgrade to Scrapy 2.11.1.\n\nIf you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.11.1 is not an option, you may upgrade to Scrapy 1.8.4 instead.\n\n### Workarounds\n\nIf you cannot upgrade, make sure that you are not using the `Authentication` header, either directly or through some third-party plugin.\n\nIf you need to use that header in some requests, add `\"dont_redirect\": True` to the `request.meta` dictionary of those requests to disable following redirects for them.\n\nIf you need to keep (same domain) redirect support on those requests, make sure you trust the target website not to redirect your requests to a different domain.\n\n### Acknowledgements\n\nThis security issue was reported by @ranjit-git  [through huntr.com](https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9/).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3574","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31311","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31225","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31172","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31352","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.3079","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30875","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30996","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31157","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31187","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31206","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31216","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31259","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31255","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3574"},{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/commit/ee7bd9d217fc126063575d5649f00bdeeca2faae","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/commit/ee7bd9d217fc126063575d5649f00bdeeca2faae"},{"reference_url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv"},{"reference_url":"https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:23:27Z/"}],"url":"https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3574","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3574"},{"reference_url":"https://usn.ubuntu.com/7476-1/","reference_id":"USN-7476-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7476-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994524?format=json","purl":"pkg:deb/debian/python-scrapy@2.12.0-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dc1m-rt7j-w3af"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.12.0-2"}],"aliases":["CVE-2024-3574","GHSA-cw9j-q3vf-hrrv","GMS-2024-288"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgf5-wu3r-pqc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12829?format=json","vulnerability_id":"VCID-urb1-hv1z-duga","summary":"In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in cross-origin requests when the scheme, host, or port changes. Consequently, when a redirect downgrades from HTTPS to HTTP, the Authorization header may be inadvertently exposed in plaintext, leading to potential sensitive information disclosure to unauthorized actors. The flaw is located in the _build_redirect_request function of the redirect middleware.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1968","reference_id":"","reference_type":"","scores":[{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40912","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.4063","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40713","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40726","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40898","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40928","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40886","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40905","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40941","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40923","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40917","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40868","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40939","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1968"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1968","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1968"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-18T20:26:27Z/"}],"url":"https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8"},{"reference_url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-4qqq-9vqf-3h3f","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-4qqq-9vqf-3h3f"},{"reference_url":"https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-18T20:26:27Z/"}],"url":"https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a"},{"reference_url":"https://github.com/advisories/GHSA-4qqq-9vqf-3h3f","reference_id":"GHSA-4qqq-9vqf-3h3f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4qqq-9vqf-3h3f"},{"reference_url":"https://usn.ubuntu.com/7476-1/","reference_id":"USN-7476-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7476-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994524?format=json","purl":"pkg:deb/debian/python-scrapy@2.12.0-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dc1m-rt7j-w3af"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.12.0-2"}],"aliases":["CVE-2024-1968","GHSA-4qqq-9vqf-3h3f","PYSEC-2024-258"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-urb1-hv1z-duga"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.12.0-2"}