Upstream information

CVE-2024-3574 at MITRE


In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

SUSE Bugzilla entry: 1222886 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

SUSE Timeline for this CVE

CVE page created: Tue Apr 16 04:00:19 2024
CVE page last modified: Thu May 30 16:41:45 2024