CVE-2017-14158 Information

Description

Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory which is especially problematic if the files are then individually written in a separate thread to a slow storage resource as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://blog.csdn.net/wangtua/article/details/75228728 https://github.com/scrapy/scrapy/issues/482

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5