Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages.
Affected versions of this package are vulnerable to Information Exposure. If you use HttpAuthMiddleware (i.e. the http_pass spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as robots.txt requests sent by Scrapy when the ROBOTSTXT_OBEY setting is set to True, or as requests reached through redirects.
Upgrade Scrapy to version 2.5.1, 1.8.1 or higher.
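The exposure described above, and the effect of scoping credentials to one domain, as an added example that is not Scrapy's own code. It models the check with the standard library only; the hostnames, the credentials and every function name are constructed for illustration, and the auth_domain parameter stands in for the http_auth_domain spider attribute that the fixed releases use to limit where credentials are sent.

```python
import base64
from urllib.parse import urlsplit

def host_in_domain(url, domain):
    """True when the URL's host is `domain` itself or one of its subdomains."""
    host = (urlsplit(url).hostname or "").lower()
    domain = domain.lower().lstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))

def basic_auth(user, password):
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return {"Authorization": "Basic " + token}

def headers_unscoped(url, user, password):
    """Behaviour described in the advisory: every request carries the credentials."""
    return basic_auth(user, password)

def headers_scoped(url, user, password, auth_domain):
    """Mitigated behaviour: credentials only for hosts inside auth_domain."""
    return basic_auth(user, password) if host_in_domain(url, auth_domain) else {}

# Constructed sample: requests one crawl might issue (all hostnames are made up).
CRAWL_REQUESTS = [
    "https://intranet.example/reports",        # the page the spider was written for
    "https://api.intranet.example/v1/items",   # subdomain of the intended site
    "https://cdn.example.net/robots.txt",      # robots.txt fetched for ROBOTSTXT_OBEY
    "https://partner.example.org/landing",     # target reached through a redirect
    "https://notintranet.example/",            # look-alike suffix, different host
]

def hosts_receiving_credentials(build_headers):
    """Return the hosts whose request would carry an Authorization header."""
    return [urlsplit(u).hostname for u in CRAWL_REQUESTS
            if "Authorization" in build_headers(u)]

def audit(user="crawler", password="constructed-secret", auth_domain="intranet.example"):
    before = hosts_receiving_credentials(lambda u: headers_unscoped(u, user, password))
    after = hosts_receiving_credentials(
        lambda u: headers_scoped(u, user, password, auth_domain))
    return before, after

if __name__ == "__main__":
    before, after = audit()
    print("unscoped:", before)
    print("scoped:  ", after)
```

The same comparison can be run against a proxy or access log from a real crawl to confirm that no Authorization header leaves the intended domain after the upgrade.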