Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authorization Header Leak During Cross-Domain Redirect in scrapy/scrapy
Vulnerability Description
In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Scrapy 信息泄露漏洞
Vulnerability Description
Scrapy是一个用Python编写的自由且开源的网络爬虫框架。 Scrapy 2.10.1版本存在信息泄露漏洞,该漏洞源于跨域重定向时未能删除授权标头,将授权标头暴露给未经授权的参与者可能会导致帐户劫持。
CVSS Information
N/A
Vulnerability Type
N/A