[Git][security-tracker-team/security-tracker][master] new scrapy issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Apr 16 09:53:30 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15a3ce25 by Moritz Muehlenhoff at 2024-04-16T10:53:05+02:00
new scrapy issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,17 @@
 CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb)
 	TODO: check
 CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the Authorizat ...)
-	TODO: check
+	- python-scrapy 2.11.1-1
+	NOTE: https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv
+	NOTE: https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9
+	NOTE: https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75 (2.11.1)
 CVE-2024-3573 (mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to impro ...)
 	NOT-FOR-US: mlflow
 CVE-2024-3572 (The scrapy/scrapy project is vulnerable to XML External Entity (XXE) a ...)
-	TODO: check
+	- python-scrapy 2.11.1-1
+	NOTE: https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb
+	NOTE: https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f (2.11.1)
+	NOTE: https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7
 CVE-2024-3571 (langchain-ai/langchain is vulnerable to path traversal due to improper ...)
 	NOT-FOR-US: langchain
 CVE-2024-3493 (A specific malformed fragmented packet type (fragmented packets may be ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15a3ce25d321469ad2314ef9ab356a064fb722d1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15a3ce25d321469ad2314ef9ab356a064fb722d1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240416/1e8f1d4a/attachment.htm>

More information about the debian-security-tracker-commits mailing list