A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker can cause a denial-of-service (DoS) condition. This vulnerability allows for the system to hang and consume significant resources, potentially rendering services that utilize Scrapy for XML processing unresponsive.
Configurations
No configuration.
History
16 Apr 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | | (en) A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker can cause a denial-of-service (DoS) condition. This vulnerability allows for the system to hang and consume significant resources, potentially rendering services that utilize Scrapy for XML processing unresponsive. |
28 Feb 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2024-02-28 00:15
Updated : 2024-04-16 12:15
NVD link : CVE-2024-1892
Mitre link : CVE-2024-1892
CVE.ORG link : CVE-2024-1892
Products Affected
No product.
CWE
CWE-1333
Inefficient Regular Expression Complexity