exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2024-3572

почти 2 года назад

The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, or circumvent firewalls by submitting specially crafted XML data.

CVSS3: 7.5

EPSS: Низкий

CVE-2024-3572

почти 2 года назад

The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, or circumvent firewalls by submitting specially crafted XML data.

CVSS3: 7.5

EPSS: Низкий

CVE-2024-3572

почти 2 года назад

The scrapy/scrapy project is vulnerable to XML External Entity (XXE) a ...

CVSS3: 7.5

EPSS: Низкий

GHSA-7j7m-v7m3-jqm7

почти 2 года назад

Scrapy decompression bomb vulnerability

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2024-3572 The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, or circumvent firewalls by submitting specially crafted XML data.	CVSS3: 7.5	0% Низкий	почти 2 года назад
CVE-2024-3572 The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, or circumvent firewalls by submitting specially crafted XML data.	CVSS3: 7.5	0% Низкий	почти 2 года назад
CVE-2024-3572 The scrapy/scrapy project is vulnerable to XML External Entity (XXE) a ...	CVSS3: 7.5	0% Низкий	почти 2 года назад
GHSA-7j7m-v7m3-jqm7 Scrapy decompression bomb vulnerability	CVSS3: 7.5	0% Низкий	почти 2 года назад

Уязвимостей на страницу