CVE-2022-0577 — Sensitive Information Exposure in Scrapy

CWE-200 — Sensitive Information Exposure CWE-863 — Incorrect Authorization CWE-121 — Stack-based Buffer Overflow CWE-125 — Out-of-bounds Read8 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 56.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Scrapy Scrapy Scrapy Debian Python-scrapy +1 more

Timeline

PublishedMar 2

Latest updateMay 5

Description

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDscrapy/scrapy< 2.6.1

▶PyPIscrapy/scrapy2.0.0 — 2.6.1+1

▶CVEListV5scrapy/scrapy_scrapyunspecified — 2.6.1

▶debiandebian/python-scrapy< python-scrapy 2.6.1-1 (bookworm)

Also affects: Debian Linux 9.0

Patches

Patch: github.com ↗Patch: huntr.dev ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

python-scrapy vulnerabilities↗2025-05-05

▶

OSV

CVE-2022-0577: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2↗2022-03-02

▶

OSV

Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy↗2022-03-01

▶

GHSA

Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy↗2022-03-01

▶

📋Vendor Advisories

Ubuntu

Scrapy vulnerabilities↗2025-05-05

▶

Red Hat

vim: stack buffer overflow in ex_finally() in ex_eval.c↗2022-09-25

▶

Debian

CVE-2022-0577: python-scrapy - Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ...↗2022

▶