False Positive for scrapy Vulnerability

Open Matthew-Grayson opened this issue 2 years ago • 1 comments

An update to your vulnerability database on 18 Sep 2023 causes the latest version of scrapy (2.11.0) to be flagged by mistake. Your code scanning tool cites a 2017 CVE that hasn't been updated since September 2017.

CVE-2017-14158 | Safety Entry | PyPa Advisory Database Entry

Matthew-Grayson, Nov 03 '23 16:11

Hi @Matthew-Grayson. We've re-examined this vulnerability and have found no evidence of a remedy being applied. Should you have any information regarding a fix, please provide the specifics. Until then, we must retain this vulnerability in our database.

harlekeyn, Nov 04 '23 02:11

Closing this one. Feel free to re-open it if you have something more to add!

SCH227, Sep 23 '24 16:09