Several security issues were fixed in python-scrapy.
Software Description:
- python-scrapy: Python web scraping and crawling framework
Details:
It was discovered that Scrapy improperly exposed HTTP authentication
credentials to request targets, including during redirects. An attacker
could use this issue to gain unauthorized access to user accounts. This
issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-41125)
It was discovered that Scrapy did not remove the cookie header during
cross-domain redirects. An attacker could possibly use this issue to gain
unauthorized access to user accounts. This issue only affected Ubuntu 18.04
LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-0577)
It was discovered that Scrapy inefficiently parsed XML content. An
attacker could use this issue to cause a denial of service by sending a
crafted XML response. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2024-18...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
python3-scrapy 2.11.1-1ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 22.04 LTS
python3-scrapy 2.5.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
python3-scrapy 1.7.3-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
python-scrapy 1.5.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-scrapy 1.5.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-7476-1
CVE-2021-41125, CVE-2022-0577, CVE-2024-1892, CVE-2024-1968,
CVE-2024-3572, CVE-2024-3574
Get the latest Linux and open source security news straight to your inbox.