CVE-2024-1892: Scrapy xmliter ReDoS
greprules fetch cve-2024-1892-scrapy-xmliter-redos --engine opengrep
Description
The `scrapy.utils.iterators.xmliter` function relies on inefficient regular expressions to parse XML nodes, making it vulnerable to Regular Expression Denial of Service (ReDoS) attacks. An attacker can provide a maliciously crafted XML feed that triggers catastrophic backtracking, causing excessive CPU consumption and hanging the process. Replace uses of `xm