Описание
Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was deferred |
| cosmic | ignored | end of life |
| devel | deferred | 2025-04-09 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | deferred | 2025-04-09 |
| esm-apps/focal | deferred | 2025-04-09 |
| esm-apps/jammy | deferred | 2025-04-09 |
| esm-apps/noble | deferred | 2025-04-09 |
Показывать по
EPSS
7.8 High
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.
Scrapy 1.4 allows remote attackers to cause a denial of service (memor ...
EPSS
7.8 High
CVSS2
7.5 High
CVSS3