Skip to content

[GHSA-h7wm-ph43-c39p] Scrapy denial of service vulnerability #6640

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
G-Rath wants to merge 1 commit into
base: G-Rath/advisory-improvement-6640
Choose a base branch
from
Open

[GHSA-h7wm-ph43-c39p] Scrapy denial of service vulnerability #6640

G-Rath wants to merge 1 commit into from
+2 −2

Conversation

@G-Rath
Copy link

@G-Rath G-Rath commented Jan 12, 2026

Updates

  • Affected products

Comments
Updated impacted versions

Copilot AI review requested due to automatic review settings January 12, 2026 20:41
@github-actions github-actions bot changed the base branch from main to G-Rath/advisory-improvement-6640 January 12, 2026 20:42
Copilot AI reviewed Jan 12, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates a GitHub Security Advisory (GHSA-h7wm-ph43-c39p) for a Scrapy denial of service vulnerability (CVE-2017-14158). The changes expand the range of affected versions and modify the advisory's timestamp.

Changes:

  • Updated the last affected version from 2.11.1 to 2.14.1 to reflect a broader range of vulnerable Scrapy versions
  • Modified the advisory's timestamp (appears to be reverting to an earlier date)

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

advisories/github-reviewed/2022/05/GHSA-h7wm-ph43-c39p/GHSA-h7wm-ph43-c39p.json
"schema_version": "1.4.0",
"id": "GHSA-h7wm-ph43-c39p",
"modified": "2024-10-23T18:38:06Z",
"modified": "2024-02-20T19:56:53Z",
Copy link

Copilot AI Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The modified timestamp is being changed from a later date (2024-10-23) to an earlier date (2024-02-20), which moves the timestamp backwards by approximately 8 months. This appears incorrect - the modified field should reflect when the advisory was last updated and should typically move forward in time, not backward. If this is truly a correction of an incorrect timestamp, it should be clearly documented why the timestamp is being reverted.

Suggested change
"modified": "2024-02-20T19:56:53Z",
"modified": "2024-10-23T00:00:00Z",

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@G-Rath