PYSEC-2017-83.yaml
id: PYSEC-2017-83
details: Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption)
  via large files because arbitrarily many files are read into memory, which is especially
  problematic if the files are then individually written in a separate thread to a
  slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py)
  and S3FilesStore.
aliases:
- CVE-2017-14158
modified: '2022-03-01T15:19:56.850925Z'
published: '2017-09-05T17:29:00Z'
references:
- type: REPORT
  url: https://github.com/scrapy/scrapy/issues/482
- type: ARTICLE
  url: http://blog.csdn.net/wangtua/article/details/75228728
affected:
- package:
    name: scrapy
    ecosystem: PyPI
    purl: pkg:pypi/scrapy
  ranges:
  - type: ECOSYSTEM
    events:
    - introduced: '0.7'
  versions:
  - 0.10.4.2364
  - 0.12.0.2550
  - 0.14.1
  - 0.14.2
  - 0.14.3
  - 0.14.4
  - 0.16.0
  - 0.16.1
  - 0.16.2
  - 0.16.3
  - 0.16.4
  - 0.16.5
  - 0.18.0
  - 0.18.1
  - 0.18.2
  - 0.18.3
  - 0.18.4
  - 0.20.0
  - 0.20.1
  - 0.20.2
  - 0.22.0
  - 0.22.1
  - 0.22.2
  - 0.24.0
  - 0.24.1
  - 0.24.2
  - 0.24.3
  - 0.24.4
  - 0.24.5
  - 0.24.6
  - '0.7'
  - '0.8'
  - '0.9'
  - 1.0.0
  - 1.0.0rc1
  - 1.0.0rc2
  - 1.0.0rc3
  - 1.0.1
  - 1.0.2
  - 1.0.3
  - 1.0.4
  - 1.0.5
  - 1.0.6
  - 1.0.7
  - 1.1.0
  - 1.1.0rc1
  - 1.1.0rc2
  - 1.1.0rc3
  - 1.1.0rc4
  - 1.1.1
  - 1.1.2
  - 1.1.3
  - 1.1.4
  - 1.2.0
  - 1.2.1
  - 1.2.2
  - 1.2.3
  - 1.3.0
  - 1.3.1
  - 1.3.2
  - 1.3.3
  - 1.4.0
  - 1.5.0
  - 1.5.1
  - 1.5.2
  - 1.6.0
  - 1.7.0
  - 1.7.1
  - 1.7.2
  - 1.7.3
  - 1.7.4
  - 1.8.0
  - 2.0.0
  - 2.0.1
  - 2.1.0
  - 2.2.0
  - 2.2.1
  - 2.3.0
  - 2.4.0
  - 2.4.1
  - 2.5.0
  - 1.8.1
  - 2.5.1
  - 2.6.0
  - 2.6.1
  - 1.8.2