A vulnerability was found in Scrapy up to 1.8.0/2.5.0 and classified as problematic. This issue affects the function w3lib.http.basic_auth_header of the component HttpAuthMiddleware. Upgrading to version 1.8.1 or 2.5.1 eliminates this vulnerability. Applying the patch b01d69a1bf48060daec8f751368622352d8b85a6 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.
Scrapy up to 1.8.0/2.5.0 HttpAuthMiddleware w3lib.http.basic_auth_header http_user/http_pass information disclosure
- Virtual Patching
- October 7, 2021
- 7:09 am
- Virtual Patching
- October 7, 2021
- 7:09 am
Common Vulnerabilityies and Exposures
Contact us to get started
CVE-2023-32460 : DELL POWEREDGE PLATFORM PRIOR 2.20.1 BIOS MISSING AUTHENTICATION
Description Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability,
CVE-2023-6514 : HUAWEI AJMD-370S 103.1.0.110(SP12C00E2R1P2) BLUETOOTH MODULE LOGIC ERROR
Description The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this
CVE-2023-22523 : ATLASSIAN ASSETS DISCOVERY CLOUD ASSETS DISCOVERY AGENT REMOTE CODE EXECUTION
Description This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets