[Git][security-tracker-team/security-tracker][master] Add CVE-2024-1968/python-scrapy

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 21 14:46:11 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9f4731e by Salvatore Bonaccorso at 2024-05-21T15:45:33+02:00
Add CVE-2024-1968/python-scrapy

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -97,7 +97,12 @@ CVE-2024-24294 (A Prototype Pollution issue in Blackprint @blackprint/engine v.0
 CVE-2024-24293 (A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 all ...)
 	TODO: check
 CVE-2024-1968 (In scrapy/scrapy, an issue was identified where the Authorization head ...)
-	TODO: check
+	- python-scrapy 2.11.2-1
+	NOTE: https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a
+	NOTE: https://github.com/scrapy/scrapy/security/advisories/GHSA-4qqq-9vqf-3h3f
+	NOTE: https://github.com/scrapy/scrapy/commit/f8d6c456e0669ea5344e93fe9206bd1ffebc2008 (2.11.2)
+	NOTE: https://github.com/scrapy/scrapy/commit/6499214a4f6817e1845073bd167deb33ed5261af (2.11.2)
+	NOTE: https://github.com/scrapy/scrapy/commit/7a1ab7e1be2187daf047f3bf5ed8e9192751b145 (2.11.2)
 CVE-2024-0401 (ASUS routers supporting custom OpenVPN profiles are vulnerable to a co ...)
 	NOT-FOR-US: ASUS
 CVE-2023-49335 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9f4731ee9ad459bccd5dc14fdda10fa62ca1ce8

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9f4731ee9ad459bccd5dc14fdda10fa62ca1ce8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240521/b7caeef5/attachment.htm>

More information about the debian-security-tracker-commits mailing list