CVE-2021-41124

Exposure of Sensitive Information to an Unauthorized Actor in pypi/scrapy-splash

Identifiers

CVE-2021-41124, GHSA-823f-cwm9-4g74

Package Slug

pypi/scrapy-splash

Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor

Description

Scrapy-splash is a library which provides Scrapy and JavaScript integration.the http_user and http_pass spider attributes) for Splash authentication will have any non-Splash request expose your credentials to the request target.

Affected Versions

All versions before 0.8.0

Solution

Upgrade to version 0.8.0 or above.

Last Modified

2021-10-22

source