CVE-2024-3572
Published: 16 April 2024
Summary
CVE-2024-3572 is a high-severity Data Amplification (CWE-409) vulnerability in Scrapy (the scrapy/scrapy project). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 36.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Data Processing Libraries; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: External Harms (AML.T0048), Exfiltration via AI Inference API (AML.T0024), AI Model Inference API Access (AML.T0040).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-0557
Vulnerability details
The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, or circumvent firewalls by submitting specially crafted XML data.
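The unsafe call named above beside a hardened parser, as an added example that is not Scrapy's code: `parse_unsafe` shows default lxml settings expanding an entity, `parse_untrusted` disables entity resolution and network access and rejects any document that still carries a DOCTYPE or entity reference. The sample documents and function names are constructed for illustration.

```python
# Added example (not Scrapy's code): the parse pattern the advisory describes
# beside a hardened parse that disables entity resolution and network access.
from typing import Optional
from lxml import etree

# Constructed sample: an internal DTD defines an entity that a default parser
# expands. In a real XXE payload the entity would reference a file or URL.
SAMPLE_WITH_DTD = b"""<?xml version="1.0"?>
<!DOCTYPE item [ <!ENTITY greet "expanded"> ]>
<item>&greet;</item>"""

SAMPLE_PLAIN = b"<item>hello</item>"


def parse_unsafe(data: bytes) -> str:
    """The pattern named in the advisory: default lxml settings resolve entities."""
    return etree.fromstring(data).text or ""


def hardened_parser() -> etree.XMLParser:
    """Parser that neither expands entities nor loads external DTDs or URLs."""
    return etree.XMLParser(
        resolve_entities=False,  # leave &name; references unexpanded
        no_network=True,         # refuse to fetch external resources
        load_dtd=False,          # do not load an external DTD subset
        dtd_validation=False,
        huge_tree=False,         # keep libxml2's size and depth limits on
    )


def parse_untrusted(data: bytes) -> etree._Element:
    """Parse with the hardened parser, then reject any document that still
    carries a DOCTYPE or an unresolved entity reference: neither has a
    legitimate use in content a scraper receives from a remote site."""
    root = etree.fromstring(data, parser=hardened_parser())
    if root.getroottree().docinfo.doctype:
        raise ValueError("DOCTYPE declarations are not accepted")
    if any(True for _ in root.iter(etree.Entity)):
        raise ValueError("unresolved entity reference in input")
    return root


def safe_text(data: bytes) -> Optional[str]:
    """Return the root element text, or None when the input is rejected."""
    try:
        return parse_untrusted(data).text
    except (ValueError, etree.XMLSyntaxError):
        return None
```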
- CWE(s): CWE-409 (Data Amplification)
AI Security Analysis
- AI Category: Data Processing Libraries
- Risk Domain: Privacy and Disclosure
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Scrapy is a web scraping framework used for data extraction in AI/ML pipelines, particularly for collecting training data; the vulnerability was reported on an AI/ML-focused bug bounty platform (huntr.com).
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The XXE vulnerability enables remote exploitation of XML parsing (T1190), local file disclosure (T1005), SSRF for network service discovery (T1046), internal proxying to bypass firewalls (T1090.001), and DoS via XML bomb/resource exhaustion (T1499.004).
MITRE ATLAS Techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Limits effects of data amplification from compressed or malicious inputs.