CVE-2022-0577 (Medium) detected in Scrapy-1.8.0-py2.py3-none-any.whl
Opened this issue · 0 comments
CVE-2022-0577 - Medium Severity Vulnerability
Vulnerable Library - Scrapy-1.8.0-py2.py3-none-any.whl
A high-level Web Crawling and Web Scraping framework
Library home page: https://files.pythonhosted.org/packages/3b/e4/69b87d7827abf03dea2ea984230d50f347b00a7a3897bc93f6ec3dafa494/Scrapy-1.8.0-py2.py3-none-any.whl
Path to dependency file: /tmp/ws-scm/scrapy-cookies
Path to vulnerable library: /scrapy-cookies
Dependency Hierarchy:
- ❌ Scrapy-1.8.0-py2.py3-none-any.whl (Vulnerable Library)
Found in base branch: master
Vulnerability Details
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.
Mend Note: Converted from WS-2022-0091, on 2022-11-07.
Publish Date: 2022-03-02
URL: CVE-2022-0577
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-mfjm-vh54-3f96
Release Date: 2022-03-02
Fix Resolution: 1.8.2
Step up your Open Source Security Game with Mend here