Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/23766?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23766?format=api", "vulnerability_id": "VCID-1k4b-pr5k-s7e5", "summary": "Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware\n### Impact\n\nSince version 1.4.0, Scrapy respects the `Referrer-Policy` response header to decide whether and how to set a `Referer` header on follow-up requests.\n\nIf the header value looked like a valid Python import path, Scrapy would import the referenced object and call it, assuming it referred to a referrer policy class (for example, `scrapy.spidermiddlewares.referer.DefaultReferrerPolicy`) and attempting to instantiate it to handle the `Referer` header.\n\nA malicious site could exploit this by setting `Referrer-Policy` to a path such as `sys.exit`, causing Scrapy to import and execute it and potentially terminate the process.\n\n### Patches\n\nUpgrade to Scrapy 2.14.2 (or later).\n\n### Workarounds\n\nIf you cannot upgrade to Scrapy 2.14.2, consider the following mitigations.\n\n- **Disable the middleware:** If you don't need the `Referer` header on follow-up requests, set [`REFERER_ENABLED`](https://docs.scrapy.org/en/latest/topics/spider-middleware.html#referer-enabled) to `False`.\n- **Set headers manually:** If you do need a `Referer`, disable the middleware and set the header explicitly on the requests that require it.\n- **Set `referrer_policy` in request metadata:** If disabling the middleware is not viable, set the [`referrer_policy`](https://docs.scrapy.org/en/latest/topics/spider-middleware.html#referrer-policy) request meta key on all requests to prevent evaluating preceding responses' `Referrer-Policy`. For example:\n\n```python\nRequest(\n url,\n meta={\n \"referrer_policy\": \"scrapy.spidermiddlewares.referer.DefaultReferrerPolicy\",\n },\n)\n```\n\nInstead of editing requests individually, you can:\n\n- implement a custom [spider middleware](https://docs.scrapy.org/en/latest/topics/spider-middleware.html) that runs before the built-in referrer policy middleware and sets the `referrer_policy` meta key; or\n- set the meta key in start requests and use the [scrapy-sticky-meta-params](https://github.com/heylouiz/scrapy-sticky-meta-params) plugin to propagate it to follow-up requests.\n\nIf you want to continue respecting legitimate `Referrer-Policy` headers while protecting against malicious ones, disable the built-in referrer policy middleware by setting it to `None` in [`SPIDER_MIDDLEWARES`](https://docs.scrapy.org/en/latest/topics/settings.html#std-setting-SPIDER_MIDDLEWARES) and replace it with the fixed implementation from Scrapy 2.14.2.\n\nIf the Scrapy 2.14.2 implementation is incompatible with your project (for example, because your Scrapy version is older), copy the corresponding middleware from your Scrapy version, apply the same patch, and use that as a replacement.", "aliases": [ { "alias": "GHSA-cwxj-rr6w-m6w7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66774?format=api", "purl": "pkg:pypi/scrapy@2.14.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.14.2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19058?format=api", "purl": "pkg:pypi/scrapy@1.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19059?format=api", "purl": "pkg:pypi/scrapy@1.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19060?format=api", "purl": "pkg:pypi/scrapy@1.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19061?format=api", "purl": "pkg:pypi/scrapy@1.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/19062?format=api", "purl": "pkg:pypi/scrapy@1.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19063?format=api", "purl": "pkg:pypi/scrapy@1.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19064?format=api", "purl": "pkg:pypi/scrapy@1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19065?format=api", "purl": "pkg:pypi/scrapy@1.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/19066?format=api", "purl": "pkg:pypi/scrapy@1.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/19067?format=api", "purl": "pkg:pypi/scrapy@1.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/19068?format=api", "purl": "pkg:pypi/scrapy@1.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19078?format=api", "purl": "pkg:pypi/scrapy@1.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/25479?format=api", "purl": "pkg:pypi/scrapy@1.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/45160?format=api", "purl": "pkg:pypi/scrapy@1.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/45161?format=api", "purl": "pkg:pypi/scrapy@1.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/19069?format=api", "purl": "pkg:pypi/scrapy@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19070?format=api", "purl": "pkg:pypi/scrapy@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19071?format=api", "purl": "pkg:pypi/scrapy@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19072?format=api", "purl": "pkg:pypi/scrapy@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19073?format=api", "purl": "pkg:pypi/scrapy@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19074?format=api", "purl": "pkg:pypi/scrapy@2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19075?format=api", "purl": "pkg:pypi/scrapy@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19076?format=api", "purl": "pkg:pypi/scrapy@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19077?format=api", "purl": "pkg:pypi/scrapy@2.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-4vw6-u8m8-dbe2" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19079?format=api", "purl": "pkg:pypi/scrapy@2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-jvzg-u5ks-tkhd" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/25480?format=api", "purl": "pkg:pypi/scrapy@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" }, { "vulnerability": "VCID-x9ee-za9y-3fcb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/25481?format=api", "purl": "pkg:pypi/scrapy@2.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-ugxf-pfaw-rqbm" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/45163?format=api", "purl": "pkg:pypi/scrapy@2.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/45164?format=api", "purl": "pkg:pypi/scrapy@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/45165?format=api", "purl": "pkg:pypi/scrapy@2.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/45166?format=api", "purl": "pkg:pypi/scrapy@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/45168?format=api", "purl": "pkg:pypi/scrapy@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/45169?format=api", "purl": "pkg:pypi/scrapy@2.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/45170?format=api", "purl": "pkg:pypi/scrapy@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/45171?format=api", "purl": "pkg:pypi/scrapy@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.10.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/45172?format=api", "purl": "pkg:pypi/scrapy@2.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-385b-344t-23es" }, { "vulnerability": "VCID-64nx-aruy-q7gy" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-kgf5-wu3r-pqc6" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/45174?format=api", "purl": "pkg:pypi/scrapy@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" }, { "vulnerability": "VCID-nekz-z7zw-mfgz" }, { "vulnerability": "VCID-t5cn-a543-nyag" }, { "vulnerability": "VCID-urb1-hv1z-duga" }, { "vulnerability": "VCID-veaw-n6vt-zfgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46023?format=api", "purl": "pkg:pypi/scrapy@2.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/841961?format=api", "purl": "pkg:pypi/scrapy@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.12.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/841962?format=api", "purl": "pkg:pypi/scrapy@2.13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.13.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/841963?format=api", "purl": "pkg:pypi/scrapy@2.13.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.13.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/841964?format=api", "purl": "pkg:pypi/scrapy@2.13.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.13.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/146627?format=api", "purl": "pkg:pypi/scrapy@2.13.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-dc1m-rt7j-w3af" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.13.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/64781?format=api", "purl": "pkg:pypi/scrapy@2.13.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.13.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066282?format=api", "purl": "pkg:pypi/scrapy@2.14.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.14.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/581723?format=api", "purl": "pkg:pypi/scrapy@2.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4b-pr5k-s7e5" }, { "vulnerability": "VCID-m9gg-8qum-9bh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.14.1" } ], "references": [ { "reference_url": "https://github.com/scrapy/scrapy", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy" }, { "reference_url": "https://github.com/scrapy/scrapy/commit/945b787a263586cb5803c01c6da57daad8997ae5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/commit/945b787a263586cb5803c01c6da57daad8997ae5" }, { "reference_url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-cwxj-rr6w-m6w7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-cwxj-rr6w-m6w7" }, { "reference_url": "https://github.com/advisories/GHSA-cwxj-rr6w-m6w7", "reference_id": "GHSA-cwxj-rr6w-m6w7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cwxj-rr6w-m6w7" } ], "weaknesses": [ { "cwe_id": 470, "name": "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", "description": "The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1k4b-pr5k-s7e5" }