An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cloudflare-scrape_project | cloudflare-scrape | 1.6.7 |
| cloudflare-scrape_project | cloudflare-scrape | 1.6.8 |
| cloudflare-scrape_project | cloudflare-scrape | 1.7.0 |
| cloudflare-scrape_project | cloudflare-scrape | 1.6.6 |
| cloudflare-scrape_project | cloudflare-scrape | 1.7.1 |