CVE Database · CVE-2017-14158
CVSS v3.1
N/A
EPSS
1.91%
Published
Sep 5, 2017
Modified
May 12, 2026
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.
Weaknesses (CWE)
Affected Products (1)
References (4)
