CVE-2017-14158
HIGH
Scrapy - Denial of Service via Large File Memory Consumption
Title source: llm
Description
Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.
References (2)
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/scrapy/scrapy/issues/482
Exploit, Third Party Advisory x_refsource_misc
http://blog.csdn.net/wangtua/article/details/75228728
Scores
CVSS v3
7.5
EPSS
0.0191
EPSS Percentile
77.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (2)
pypi/scrapy
0.7 - 2.15.2 (PyPI)
scrapy/scrapy
1.4
Published
Sep 05, 2017
Tracked Since
Feb 18, 2026