FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-Scrapy -- DoS vulnerability

Affected packages
py310-Scrapy <= 2.8.0
py311-Scrapy <= 2.8.0
py37-Scrapy <= 2.8.0
py38-Scrapy <= 2.8.0
py39-Scrapy <= 2.8.0


VuXML ID 4eb5dccb-923c-4f18-9cd4-b53f9e28d4d7
Discovery 2017-09-05
Entry 2023-08-31

kmike and nramirezuy report:

Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/ and S3FilesStore.


CVE Name CVE-2017-14158