Skip to content

Add Scrapy CVE-2024-1892 references#8582

Draft
cookesan wants to merge 2 commits into
github:cookesan/advisory-improvement-8582from
cookesan:scrapy-1892-nvd-reference
Draft

Add Scrapy CVE-2024-1892 references#8582
cookesan wants to merge 2 commits into
github:cookesan/advisory-improvement-8582from
cookesan:scrapy-1892-nvd-reference

Conversation

@cookesan

@cookesan cookesan commented Jul 7, 2026

Copy link
Copy Markdown

Summary

  • add the NVD advisory reference for CVE-2024-1892
  • add Scrapy 1.8.4 and 2.11.1 fixed release and PyPI references

Validation

  • confirmed the advisory aliases CVE-2024-1892 and fixes PyPI package scrapy in 1.8.4 and 2.11.1
  • confirmed NVD returns CVE-2024-1892 with status Analyzed and source huntr
  • confirmed Scrapy 1.8.4 and 2.11.1 GitHub release and PyPI package URLs return HTTP 200
  • confirmed Scrapy 1.8.4 contains fix commit 73e7c0ed011a0565a1584b8052ec757b54e5270b
  • confirmed Scrapy 2.11.1 contains fix commit 479619b340f197a8f24c5db45bc068fb8755f2c5
  • confirmed both upstream release notes reference GHSA-cc65-xxvf-f7r9 and the XMLFeedSpider ReDoS fix
  • ran jq empty on the advisory JSON
  • ran git diff --check

@github-actions github-actions Bot changed the base branch from main to cookesan/advisory-improvement-8582 July 7, 2026 10:50
@cookesan cookesan changed the title Add Scrapy CVE-2024-1892 NVD reference Add Scrapy CVE-2024-1892 references Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant