FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-Scrapy -- DoS vulnerability

Affected packages
py310-Scrapy <= 2.8.0
py311-Scrapy <= 2.8.0
py37-Scrapy <= 2.8.0
py38-Scrapy <= 2.8.0
py39-Scrapy <= 2.8.0

Details

VuXML ID 4eb5dccb-923c-4f18-9cd4-b53f9e28d4d7
Discovery 2017-09-05
Entry 2023-08-31

kmike and nramirezuy report:

Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.

[source]

References

CVE Name CVE-2017-14158
URL https://osv.dev/vulnerability/GHSA-h7wm-ph43-c39p
URL https://osv.dev/vulnerability/PYSEC-2017-83

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.