{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23766?format=json","vulnerability_id":"VCID-1k4b-pr5k-s7e5","summary":"Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware\n### Impact\n\nSince version 1.4.0, Scrapy respects the `Referrer-Policy` response header to decide whether and how to set a `Referer` header on follow-up requests.\n\nIf the header value looked like a valid Python import path, Scrapy would import the referenced object and call it, assuming it referred to a referrer policy class (for example, `scrapy.spidermiddlewares.referer.DefaultReferrerPolicy`) and attempting to instantiate it to handle the `Referer` header.\n\nA malicious site could exploit this by setting `Referrer-Policy` to a path such as `sys.exit`, causing Scrapy to import and execute it and potentially terminate the process.\n\n### Patches\n\nUpgrade to Scrapy 2.14.2 (or later).\n\n### Workarounds\n\nIf you cannot upgrade to Scrapy 2.14.2, consider the following mitigations.\n\n- **Disable the middleware:** If you don't need the `Referer` header on follow-up requests, set [`REFERER_ENABLED`](https://docs.scrapy.org/en/latest/topics/spider-middleware.html#referer-enabled) to `False`.\n- **Set headers manually:** If you do need a `Referer`, disable the middleware and set the header explicitly on the requests that require it.\n- **Set `referrer_policy` in request metadata:** If disabling the middleware is not viable, set the [`referrer_policy`](https://docs.scrapy.org/en/latest/topics/spider-middleware.html#referrer-policy) request meta key on all requests to prevent evaluating preceding responses' `Referrer-Policy`. For example:\n\n```python\nRequest(\n    url,\n    meta={\n        \"referrer_policy\": \"scrapy.spidermiddlewares.referer.DefaultReferrerPolicy\",\n    },\n)\n```\n\nInstead of editing requests individually, you can:\n\n- implement a custom [spider middleware](https://docs.scrapy.org/en/latest/topics/spider-middleware.html) that runs before the built-in referrer policy middleware and sets the `referrer_policy` meta key; or\n- set the meta key in start requests and use the [scrapy-sticky-meta-params](https://github.com/heylouiz/scrapy-sticky-meta-params) plugin to propagate it to follow-up requests.\n\nIf you want to continue respecting legitimate `Referrer-Policy` headers while protecting against malicious ones, disable the built-in referrer policy middleware by setting it to `None` in [`SPIDER_MIDDLEWARES`](https://docs.scrapy.org/en/latest/topics/settings.html#std-setting-SPIDER_MIDDLEWARES) and replace it with the fixed implementation from Scrapy 2.14.2.\n\nIf the Scrapy 2.14.2 implementation is incompatible with your project (for example, because your Scrapy version is older), copy the corresponding middleware from your Scrapy version, apply the same patch, and use that as a replacement.","aliases":[{"alias":"GHSA-cwxj-rr6w-m6w7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66774?format=json","purl":"pkg:pypi/scrapy@2.14.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.14.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19058?format=json","purl":"pkg:pypi/scrapy@1.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19059?format=json","purl":"pkg:pypi/scrapy@1.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19060?format=json","purl":"pkg:pypi/scrapy@1.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/19061?format=json","purl":"pkg:pypi/scrapy@1.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/19062?format=json","purl":"pkg:pypi/scrapy@1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19063?format=json","purl":"pkg:pypi/scrapy@1.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19064?format=json","purl":"pkg:pypi/scrapy@1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/19065?format=json","purl":"pkg:pypi/scrapy@1.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/19066?format=json","purl":"pkg:pypi/scrapy@1.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/19067?format=json","purl":"pkg:pypi/scrapy@1.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/19068?format=json","purl":"pkg:pypi/scrapy@1.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19078?format=json","purl":"pkg:pypi/scrapy@1.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/25479?format=json","purl":"pkg:pypi/scrapy@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/45160?format=json","purl":"pkg:pypi/scrapy@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/45161?format=json","purl":"pkg:pypi/scrapy@1.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/19069?format=json","purl":"pkg:pypi/scrapy@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19070?format=json","purl":"pkg:pypi/scrapy@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/19071?format=json","purl":"pkg:pypi/scrapy@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19072?format=json","purl":"pkg:pypi/scrapy@2.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19073?format=json","purl":"pkg:pypi/scrapy@2.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/19074?format=json","purl":"pkg:pypi/scrapy@2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19075?format=json","purl":"pkg:pypi/scrapy@2.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19076?format=json","purl":"pkg:pypi/scrapy@2.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/19077?format=json","purl":"pkg:pypi/scrapy@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-4vw6-u8m8-dbe2"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19079?format=json","purl":"pkg:pypi/scrapy@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-jvzg-u5ks-tkhd"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/25480?format=json","purl":"pkg:pypi/scrapy@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"},{"vulnerability":"VCID-x9ee-za9y-3fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/25481?format=json","purl":"pkg:pypi/scrapy@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-ugxf-pfaw-rqbm"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/45163?format=json","purl":"pkg:pypi/scrapy@2.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/45164?format=json","purl":"pkg:pypi/scrapy@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/45165?format=json","purl":"pkg:pypi/scrapy@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/45166?format=json","purl":"pkg:pypi/scrapy@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/45168?format=json","purl":"pkg:pypi/scrapy@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/45169?format=json","purl":"pkg:pypi/scrapy@2.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/45170?format=json","purl":"pkg:pypi/scrapy@2.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.10.0"},{"url":"http://public2.vulnerablecode.io/api/packages/45171?format=json","purl":"pkg:pypi/scrapy@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/45172?format=json","purl":"pkg:pypi/scrapy@2.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-385b-344t-23es"},{"vulnerability":"VCID-64nx-aruy-q7gy"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-kgf5-wu3r-pqc6"},{"vulnerability":"VCID-m9gg-8qum-9bh2"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/45174?format=json","purl":"pkg:pypi/scrapy@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-dc1m-rt7j-w3af"},{"vulnerability":"VCID-nekz-z7zw-mfgz"},{"vulnerability":"VCID-t5cn-a543-nyag"},{"vulnerability":"VCID-urb1-hv1z-duga"},{"vulnerability":"VCID-veaw-n6vt-zfgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/46023?format=json","purl":"pkg:pypi/scrapy@2.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-dc1m-rt7j-w3af"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.2"},{"url":"http://public2.vulnerablecode.io/api/packages/841961?format=json","purl":"pkg:pypi/scrapy@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-dc1m-rt7j-w3af"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.12.0"},{"url":"http://public2.vulnerablecode.io/api/packages/841962?format=json","purl":"pkg:pypi/scrapy@2.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-dc1m-rt7j-w3af"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.13.0"},{"url":"http://public2.vulnerablecode.io/api/packages/841963?format=json","purl":"pkg:pypi/scrapy@2.13.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-dc1m-rt7j-w3af"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.13.1"},{"url":"http://public2.vulnerablecode.io/api/packages/841964?format=json","purl":"pkg:pypi/scrapy@2.13.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-dc1m-rt7j-w3af"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.13.2"},{"url":"http://public2.vulnerablecode.io/api/packages/146627?format=json","purl":"pkg:pypi/scrapy@2.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-dc1m-rt7j-w3af"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/64781?format=json","purl":"pkg:pypi/scrapy@2.13.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.13.4"},{"url":"http://public2.vulnerablecode.io/api/packages/1066282?format=json","purl":"pkg:pypi/scrapy@2.14.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.14.0"},{"url":"http://public2.vulnerablecode.io/api/packages/581723?format=json","purl":"pkg:pypi/scrapy@2.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1k4b-pr5k-s7e5"},{"vulnerability":"VCID-m9gg-8qum-9bh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.14.1"}],"references":[{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/commit/945b787a263586cb5803c01c6da57daad8997ae5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/commit/945b787a263586cb5803c01c6da57daad8997ae5"},{"reference_url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-cwxj-rr6w-m6w7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-cwxj-rr6w-m6w7"},{"reference_url":"https://github.com/advisories/GHSA-cwxj-rr6w-m6w7","reference_id":"GHSA-cwxj-rr6w-m6w7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cwxj-rr6w-m6w7"}],"weaknesses":[{"cwe_id":470,"name":"Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')","description":"The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1k4b-pr5k-s7e5"}