
Ubuntu 24.04 LTS: USN-7476-1 moderate: python-scrapy denial of service

May 6, 2025
Various bugs in the Python Scrapy framework were patched in Ubuntu versions ranging from 18.04 to 24.04 LTS.

Summary

Several security issues were fixed in python-scrapy.

Software Description:

- python-scrapy: Python web scraping and crawling framework

Details:

It was discovered that Scrapy improperly exposed HTTP authentication credentials to request targets, including during redirects. An attacker could use this issue to gain unauthorized access to user accounts. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-41125)

It was discovered that Scrapy did not remove the cookie header during cross-domain redirects. An attacker could possibly use this issue to gain unauthorized access to user accounts. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-0577)

It was discovered that Scrapy inefficiently parsed XML content. An attacker could use this issue to cause a denial of service by sending a crafted XML response. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2024-18...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   python3-scrapy                  2.11.1-1ubuntu0.1~esm2
                                   Available with Ubuntu Pro

Ubuntu 22.04 LTS
   python3-scrapy                  2.5.1-2ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   python3-scrapy                  1.7.3-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   python-scrapy                   1.5.0-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   python3-scrapy                  1.5.0-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7476-1

CVE-2021-41125, CVE-2022-0577, CVE-2024-1892, CVE-2024-1968, CVE-2024-3572, CVE-2024-3574

Ubuntu Security Notice USN-7476-1

Package Information
