Source: python-scrapy Version: 1.5.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 2.4.1-2 Control: found -1 2.5.1-2
Hi, The following vulnerability was published for python-scrapy. CVE-2022-0577[0]: | Exposure of Sensitive Information to an Unauthorized Actor in GitHub | repository scrapy/scrapy prior to 2.6.1. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-0577 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0577 [1] https://github.com/advisories/GHSA-cjvr-mfj7-j4j8 [2] https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585 [3] https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a Please adjust the affected versions in the BTS as needed. Regards, Salvatore