FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-Scrapy -- cookie injection vulnerability

Affected packages
py310-Scrapy < 1.8.2
2.0.0 <= py310-Scrapy < 2.6.0
py311-Scrapy < 1.8.2
2.0.0 <= py311-Scrapy < 2.6.0
py37-Scrapy < 1.8.2
2.0.0 <= py37-Scrapy < 2.6.0
py38-Scrapy < 1.8.2
2.0.0 <= py38-Scrapy < 2.6.0
py39-Scrapy < 1.8.2
2.0.0 <= py39-Scrapy < 2.6.0

Details

VuXML ID a5403af6-225e-48ba-b233-bd95ad26434a
Discovery 2022-03-01
Entry 2023-08-31

Responses from domain names whose public domain name suffix contains 1 or more periods (e.g. responses from `example.co.uk`, given its public domain name suffix is `co.uk`) are able to set cookies that are included in requests to any other domain sharing the same domain name suffix.
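The scoping problem above can be reproduced with the domain-matching rule from RFC 6265. This is an added example, not Scrapy's code or its fix; the function names, the period-only heuristic and the small constructed suffix set are assumptions made for illustration. It shows why a cookie scoped to a multi-label public suffix reaches unrelated hosts, and how a Public Suffix List check refuses it.

```python
# Added illustration, not Scrapy's code. PUBLIC_SUFFIXES is a small constructed
# subset of the Public Suffix List so the example runs offline.
PUBLIC_SUFFIXES = {"com", "uk", "co.uk", "org.uk"}


def _norm(name):
    return name.lower().lstrip(".")


def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3 domain matching (host names only, no IPs)."""
    host, cookie_domain = _norm(host), _norm(cookie_domain)
    return host == cookie_domain or host.endswith("." + cookie_domain)


def accept_dot_heuristic(origin_host, cookie_domain):
    """Assumed weak check: refuse only Domain values with no embedded period."""
    return "." in _norm(cookie_domain) and domain_match(origin_host, cookie_domain)


def accept_with_psl(origin_host, cookie_domain):
    """RFC 6265 section 5.3 step 5: refuse a Domain that is a public suffix,
    unless it is the origin host itself (simplified: treated as accepted)."""
    d = _norm(cookie_domain)
    if d in PUBLIC_SUFFIXES and d != _norm(origin_host):
        return False
    return domain_match(origin_host, d)


def hosts_receiving(cookie_domain, hosts):
    """Hosts whose requests would carry a cookie stored with this Domain."""
    return [h for h in hosts if domain_match(h, cookie_domain)]


if __name__ == "__main__":
    origin = "example.co.uk"  # constructed sample hosts
    others = ["example.co.uk", "other.co.uk", "example.com"]
    for check in (accept_dot_heuristic, accept_with_psl):
        for dom in ("uk", "co.uk", "example.co.uk"):
            print(check.__name__, dom, check(origin, dom))
    print(hosts_receiving("co.uk", others))
```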

References

URL https://osv.dev/vulnerability/GHSA-mfjm-vh54-3f96