CNNVD-202510-4458 Information

CNNVD ID

CNNVD-202510-4458

CVE-2025-6176

  • CNNVD Published: 2025-10-31

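Description (translated from Chinese)

Scrapy is a free and open-source web crawler framework written in Python, developed by Scrapy. Scrapy 2.13.2 and earlier versions contain a resource management error vulnerability, which stems from a flaw in the brotli decompression implementation and may lead to a denial-of-service attack.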

Description (English)

Scrapy is a free and open-source web crawler framework written in Python. Scrapy 2.13.2 and earlier versions contain a resource management error that stems from a flaw in the brotli decompression implementation and could lead to a denial-of-service attack.

Hazard Level

Medium

Vulnerability Type

Resource management error

Affected Vendor

Scrapy

Published

2025-10-31

Last Modified

2026-02-24

References

https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0

Patch

https://www.scrapy.org/
