Description
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker can cause a denial-of-service (DoS) condition. This vulnerability allows for the system to hang and consume significant resources, potentially rendering services that utilize Scrapy for XML processing unresponsive.
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | 2.12.0-2 |
| esm-apps/bionic | released | 1.5.0-1ubuntu0.1~esm1 |
| esm-apps/focal | released | 1.7.3-1ubuntu0.1~esm1 |
| esm-apps/jammy | released | 2.5.1-2ubuntu0.1~esm1 |
| esm-apps/noble | not-affected | 2.11.1-1 |
| esm-apps/xenial | ignored | changes too intrusive |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |
| mantic | ignored | end of life, was needs-triage |
CVSS3: 6.5 Medium