Upstream information
Description
The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, or circumvent firewalls by submitting specially crafted XML data.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.
SUSE Bugzilla entry: 1222885 [RESOLVED / FIXED] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Tue Apr 16 04:00:18 2024CVE page last modified: Tue Apr 23 16:37:57 2024