[GHSA-h7wm-ph43-c39p] Scrapy denial of service vulnerability #7369
Conversation
Pull request overview
Updates the GitHub-reviewed advisory for GHSA-h7wm-ph43-c39p (Scrapy DoS via memory consumption) to reflect newly assessed affected versions.
Changes:
- Extends the affected range by updating `last_affected` from `2.14.1` to `2.15.0`.
- Slightly bumps the advisory `modified` timestamp.
| "schema_version": "1.4.0", | ||
| "id": "GHSA-h7wm-ph43-c39p", | ||
| "modified": "2026-01-14T19:14:21Z", | ||
| "modified": "2026-01-14T19:14:23Z", |
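Review bot: the new `modified` value in this hunk, 2026-01-14T19:14:23Z, is only two seconds after the previous 2026-01-14T19:14:21Z and does not mark when the `last_affected` range was actually changed; OSV consumers use `modified` to decide whether to re-ingest an advisory, so set it to the real UTC time of this update, not a near copy of the old value.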
The modified timestamp looks like it was only bumped by 2 seconds and does not reflect when this advisory is actually being updated in this PR. Please set modified to the current update time (UTC) so downstream consumers can reliably detect this change.
| "modified": "2026-01-14T19:14:23Z", | |
| "modified": "2026-04-12T00:00:00Z", |
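Review bot: the suggested replacement 2026-04-12T00:00:00Z is an exact midnight, which reads like a hand-typed placeholder rather than the actual update time; take the timestamp from the commit (for example `date -u +%Y-%m-%dT%H:%M:%SZ` at commit time) so the field stays a reliable change marker for downstream consumers.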
| "introduced": "0.7" | ||
| }, | ||
| { | ||
| "last_affected": "2.14.1" | ||
| "last_affected": "2.15.0" | ||
| } |
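Review bot: a `last_affected` event means 2.15.0 is the last version known to be affected, not that later versions are safe, which is consistent with the report that the new release does not fix the issue; however the `details` text still opens with "Scrapy 1.4 allows...", so it should be widened to name the full affected range from the `introduced` value 0.7 through 2.15.0, and once a fixing release exists this event should be replaced by a `fixed` event rather than extending `last_affected` again.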
With last_affected now set to 2.15.0, the details text starting with "Scrapy 1.4 allows..." is likely misleading because it reads as if only 1.4 is impacted. Please adjust the wording to reflect the affected version range (e.g., "Scrapy versions ...") so the narrative matches the affected.ranges data.
cdf1ba8 into G-Rath/advisory-improvement-7369
Hi @G-Rath! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!
Comments
New version has been released which does not fix the issue