Bug 1196638 - (CVE-2022-0577) VUL-1: CVE-2022-0577: python-Scrapy: Exposure of Sensitive Information to an Unauthorized Actor
(CVE-2022-0577)
VUL-1: CVE-2022-0577: python-Scrapy: Exposure of Sensitive Information to an ...
Status: IN_PROGRESS
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Basesystem
Leap 15.4
Other Other
: P4 - Low : Minor (vote)
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/325125/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-03-02 10:16 UTC by Alexander Bergmann
Modified: 2022-05-28 21:59 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2022-03-02 10:16:36 UTC
CVE-2022-0577

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository
scrapy/scrapy prior to 2.6.1.

Only Factory is affected:

SUSE:Factory:Head  python-Scrapy

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0577
https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a
https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585
Comment 1 Benjamin Greiner 2022-03-02 23:59:56 UTC
Submit requests have been issued
Comment 2 OBSbugzilla Bot 2022-03-03 06:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1196638) was mentioned in
https://build.opensuse.org/request/show/958587 Factory / python-Scrapy