CVE-2017-7235: cfscrape Improper Input Validation vulnerability
(updated )
An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0.
References
- github.com/Anorov/cloudflare-scrape
- github.com/Anorov/cloudflare-scrape/issues/97
- github.com/Anorov/cloudflare-scrape/releases/tag/1.8.0
- github.com/advisories/GHSA-5mc5-5j6c-qmf9
- github.com/pypa/advisory-database/tree/main/vulns/cfscrape/PYSEC-2017-7.yaml
- nvd.nist.gov/vuln/detail/CVE-2017-7235
- web.archive.org/web/20170701161512/http://www.securityfocus.com/bid/97191
Code Behaviors & Features
Detect and mitigate CVE-2017-7235 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →