
CVE-2024-1892

Published: 28/02/2024 Updated: 16/04/2024

Vulnerability Summary

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in its parsing of XML content. By crafting XML content that triggers the inefficient (backtracking-heavy) regular expression used during parsing, an attacker can cause a denial-of-service (DoS) condition. Exploitation makes the affected process hang and consume significant CPU time, potentially rendering services that rely on Scrapy for XML processing unresponsive.

Vendor Advisories

Debian Bug report logs - #1065111 python-scrapy: CVE-2024-1892 Package: src:python-scrapy; Maintainer for src:python-scrapy is Debian Python Team <team+python@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 29 Feb 2024 21:18:02 UTC Severity: important Tags: security, upstream Fo ...