A flaw was found in python-scrapy. If you manually define cookies on a Request object, and that Request object gets a redirect response, the new Request object scheduled to follow the redirect keeps those user-defined cookies, regardless of the target domain. References: https://github.com/scrapy/scrapy/security/advisories/GHSA-cjvr-mfj7-j4j8 https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a
Created python-scrapy tracking bugs for this issue: Affects: fedora-all [bug 2060004]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.