From 5b68174677c3c9c2311dc264e22c83ef3519f916 Mon Sep 17 00:00:00 2001 From: cookesan <6601329+cookesan@users.noreply.github.com> Date: Tue, 7 Jul 2026 06:48:33 -0400 Subject: [PATCH 1/3] Add Scrapy CVE-2024-1892 NVD reference --- .../2024/02/GHSA-cc65-xxvf-f7r9/GHSA-cc65-xxvf-f7r9.json | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/advisories/github-reviewed/2024/02/GHSA-cc65-xxvf-f7r9/GHSA-cc65-xxvf-f7r9.json b/advisories/github-reviewed/2024/02/GHSA-cc65-xxvf-f7r9/GHSA-cc65-xxvf-f7r9.json index 979f43c5d03c7..bf2b02f0f1660 100644 --- a/advisories/github-reviewed/2024/02/GHSA-cc65-xxvf-f7r9/GHSA-cc65-xxvf-f7r9.json +++ b/advisories/github-reviewed/2024/02/GHSA-cc65-xxvf-f7r9/GHSA-cc65-xxvf-f7r9.json @@ -59,6 +59,10 @@ "type": "WEB", "url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-cc65-xxvf-f7r9" }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1892" + }, { "type": "WEB", "url": "https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5" @@ -97,4 +101,4 @@ "github_reviewed_at": "2024-02-15T15:22:02Z", "nvd_published_at": null } -} \ No newline at end of file +} From 364907300b89fcd98b1ca311711cf6656237fde5 Mon Sep 17 00:00:00 2001 From: cookesan <6601329+cookesan@users.noreply.github.com> Date: Tue, 7 Jul 2026 08:56:31 -0400 Subject: [PATCH 2/3] Add Scrapy XMLFeedSpider fixed release references --- .../GHSA-cc65-xxvf-f7r9/GHSA-cc65-xxvf-f7r9.json | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/advisories/github-reviewed/2024/02/GHSA-cc65-xxvf-f7r9/GHSA-cc65-xxvf-f7r9.json b/advisories/github-reviewed/2024/02/GHSA-cc65-xxvf-f7r9/GHSA-cc65-xxvf-f7r9.json index bf2b02f0f1660..b1696c5bfe18a 100644 --- a/advisories/github-reviewed/2024/02/GHSA-cc65-xxvf-f7r9/GHSA-cc65-xxvf-f7r9.json +++ b/advisories/github-reviewed/2024/02/GHSA-cc65-xxvf-f7r9/GHSA-cc65-xxvf-f7r9.json @@ -79,6 +79,22 @@ "type": "WEB", "url": "https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14" }, + { + "type": "WEB", + "url": "https://github.com/scrapy/scrapy/releases/tag/1.8.4" + }, + { + "type": "WEB", + "url": "https://github.com/scrapy/scrapy/releases/tag/2.11.1" + }, + { + "type": "WEB", + "url": "https://pypi.org/project/Scrapy/1.8.4" + }, + { + "type": "WEB", + "url": "https://pypi.org/project/Scrapy/2.11.1" + }, { "type": "WEB", "url": "https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2024-162.yaml" From b21fe8260fe76e0f1dfe2164f61b8ce9cc449051 Mon Sep 17 00:00:00 2001 From: cookesan <6601329+cookesan@users.noreply.github.com> Date: Tue, 7 Jul 2026 19:29:12 -0400 Subject: [PATCH 3/3] Set Scrapy CVE-2024-1892 NVD published timestamp --- .../2024/02/GHSA-cc65-xxvf-f7r9/GHSA-cc65-xxvf-f7r9.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advisories/github-reviewed/2024/02/GHSA-cc65-xxvf-f7r9/GHSA-cc65-xxvf-f7r9.json b/advisories/github-reviewed/2024/02/GHSA-cc65-xxvf-f7r9/GHSA-cc65-xxvf-f7r9.json index b1696c5bfe18a..906a2ca6bf090 100644 --- a/advisories/github-reviewed/2024/02/GHSA-cc65-xxvf-f7r9/GHSA-cc65-xxvf-f7r9.json +++ b/advisories/github-reviewed/2024/02/GHSA-cc65-xxvf-f7r9/GHSA-cc65-xxvf-f7r9.json @@ -115,6 +115,6 @@ "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-02-15T15:22:02Z", - "nvd_published_at": null + "nvd_published_at": "2024-02-28T00:15:53Z" } }