Bug 1196638 (CVE-2022-0577)

Summary: VUL-1: CVE-2022-0577: python-Scrapy: Exposure of Sensitive Information to an Unauthorized Actor
Product: [openSUSE] openSUSE Distribution
Reporter: Alexander Bergmann <abergmann>
Component: Basesystem
Assignee: Security Team bot <security-team>
Status: IN_PROGRESS ---
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P4 - Low
CC: gabriele.sonnu
Version: Leap 15.4
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/325125/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Alexander Bergmann 2022-03-02 10:16:36 UTC
CVE-2022-0577

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository
scrapy/scrapy prior to 2.6.1.

Only Factory is affected:

SUSE:Factory:Head  python-Scrapy

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0577
https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a
https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585

Comment 1 Benjamin Greiner 2022-03-02 23:59:56 UTC
Submit requests have been issued

Comment 2 OBSbugzilla Bot 2022-03-03 06:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1196638) was mentioned in
https://build.opensuse.org/request/show/958587 Factory / python-Scrapy