CVE-2021-41124, GHSA-823f-cwm9-4g74
pypi/scrapy-splash
Exposure of Sensitive Information to an Unauthorized Actor
Scrapy-splash is a library which provides Scrapy and JavaScript integration.the http_user
and http_pass
spider attributes) for Splash authentication will have any non-Splash request expose your credentials to the request target.
All versions before 0.8.0
Upgrade to version 0.8.0 or above.
2021-10-22
source |