Compare revisions

Commits on Source (2)
---
identifier: "GHSA-rmqv-7v3j-mr7p"
identifiers:
- "GHSA-rmqv-7v3j-mr7p"
package_slug: "pypi/scrapy"
title: "Duplicate Advisory: Scrapy decompression bomb vulnerability"
description: "## Duplicate Advisory\nThis advisory has been withdrawn because it is
a duplicate of GHSA-7j7m-v7m3-jqm7. This link is maintained to preserve external
references.\n\n## Original Description\nThe scrapy/scrapy project is vulnerable
to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for
parsing untrusted XML data without proper validation. This vulnerability allows
attackers to perform denial of service attacks, access local files, generate network
connections, or circumvent firewalls by submitting specially crafted XML data."
date: "2024-04-16"
pubdate: "2024-04-16"
affected_range: "<2.11.1"
fixed_versions:
- "2.11.1"
affected_versions: "All versions before 2.11.1"
not_impacted: "All versions starting from 2.11.1"
solution: "Upgrade to version 2.11.1 or above."
urls:
- "https://github.com/advisories/GHSA-rmqv-7v3j-mr7p"
- "https://nvd.nist.gov/vuln/detail/CVE-2024-3572"
- "https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f"
- "https://github.com/scrapy/scrapy"
- "https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb"
cvss_v3: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
uuid: "74f55107-2516-43fe-8b63-2a1553b8fa83"
cwe_ids:
- "CWE-409"
- "CWE-937"
- "CWE-1035"
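
Review bot: the "Original Description" text in `description` describes XML External Entity (XXE) parsing through lxml.etree.fromstring, including access to local files, while `title` says "decompression bomb", `cwe_ids` lists CWE-409 (improper handling of highly compressed data), and `cvss_v3` scores C:N/I:N/A:H. These fields should agree on one weakness, or the entry should state that the mismatch is carried over from the upstream advisory. The entry is also declared withdrawn as a duplicate of GHSA-7j7m-v7m3-jqm7 yet keeps `affected_range: "<2.11.1"` and `fixed_versions`; if consumers match packages on that range (an assumption about how this file is used), confirm the duplicate will not be reported alongside the original. Lastly, `urls` links CVE-2024-3572 on NVD but `identifiers` holds only the GHSA id; consider whether the CVE belongs in that list as well.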