CVE-2022-0577
PUBLISHED
CVSS 8.8 HIGH
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.
EPSS 0.21% · 43.4th percentile
Risk Scores
CVSS 3.0
8.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.21%
43.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| scrapy | scrapy | 0 |
| scrapy | scrapy/scrapy | unspecified |
| debian | debian_linux | 9.0 |
| PyPI | scrapy | 2.0.0, 0 |
Exploit Intelligence
Timeline
- Mar 1, 2022 CVE Published
- Mar 2, 2022 EPSS Score
- Apr 23, 2022 EPSS Score
- Jun 13, 2022 EPSS Score
- Aug 5, 2022 EPSS Score
- Sep 26, 2022 EPSS Score
- Nov 16, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
- Feb 28, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 21, 2023 EPSS Score
- Jun 11, 2023 EPSS Score
References
- https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585 url
- https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a url
- [debian-lts-announce] 20220316 [SECURITY] [DLA 2950-1] python-scrapy security update mailing-list
- https://github.com/scrapy/scrapy/security/advisories/GHSA-cjvr-mfj7-j4j8 url
- https://nvd.nist.gov/vuln/detail/CVE-2022-0577 advisory
- https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2022-159.yaml url
- https://github.com/scrapy/scrapy package