Kmike

**Name of the Vulnerable Software and Affected Versions** Scrapy version 1.4 **Description** The issue allows remote attackers to cause a denial of service due to memory consumption via large files. This occurs because the software reads arbitrarily many files into memory. This problem is especially significant if the files are then individually written in a separate thread to a slow storage resource. The interaction between `dataReceived` in `core/downloader/handlers/http11.py` and `S3FilesStore` demonstrates this issue. **Recommendations** For Scrapy version 1.4, consider restricting the size of files that can be read into memory to prevent excessive memory consumption. As a temporary workaround, consider implementing a mechanism to limit the number of files that can be processed simultaneously to minimize the risk of denial of service.