Affected versions of this package are vulnerable to Information Exposure. When using
HttpAuthMiddleware (i.e. the
http_pass spider attributes) for Splash authentication, any non-Splash request will expose the credentials to the request target. This includes
robots.txt requests sent by Scrapy when the
ROBOTSTXT_OBEY setting is set to
scrapy-splash to version 0.8.0 or higher.