Vulnerability Information
Vulnerability Title
ReDoS Vulnerability in scrapy/scrapy's XMLFeedSpider
Vulnerability Description
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits the inefficient regular expression complexity used in the parsing process, an attacker can cause a denial-of-service (DoS) condition. The vulnerability can cause the system to hang and consume significant resources, potentially rendering services that use Scrapy for XML processing unresponsive.
CVSS Information
N/A
Vulnerability Type
CWE-1333
Vulnerability Title
Scrapy Security Vulnerability
Vulnerability Description
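Scrapy is a free and open-source web crawling framework written in Python. Scrapy contains a security vulnerability that stems from the use of vulnerable regular expressions for parsing; processing a malicious response may cause extreme CPU and memory usage while its content is being parsed.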
CVSS Information
N/A
Vulnerability Type
N/A