Search criteria
3 vulnerabilities by Gerapy
CVE-2021-32849 (GCVE-0-2021-32849)
Vulnerability from cvelistv5 – Published: 2022-01-26 21:30 – Updated: 2025-04-22 18:27
VLAI
Title
Arbitrary command execution in Gerapy
Summary
Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds.
Severity
8.8 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_MISC |
| https://github.com/Gerapy/Gerapy/security/advisor… | x_refsource_CONFIRM |
| https://github.com/Gerapy/Gerapy/issues/197 | x_refsource_MISC |
| https://github.com/Gerapy/Gerapy/issues/217 | x_refsource_MISC |
| https://lgtm.com/projects/g/Gerapy/Gerapy?mode=tr… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2021-076-gerapy/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Gerapy/Gerapy/security/advisories/GHSA-756h-r2c9-qp5j"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Gerapy/Gerapy/issues/197"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Gerapy/Gerapy/issues/217"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lgtm.com/projects/g/Gerapy/Gerapy?mode=tree\u0026ruleFocus=1505994646253"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32849",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:45:13.572393Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:27:54.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gerapy",
"vendor": "Gerapy",
"versions": [
{
"lessThan": "0.9.9",
"status": "affected",
"version": "0.9.9",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-26T21:30:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2021-076-gerapy/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Gerapy/Gerapy/security/advisories/GHSA-756h-r2c9-qp5j"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Gerapy/Gerapy/issues/197"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Gerapy/Gerapy/issues/217"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lgtm.com/projects/g/Gerapy/Gerapy?mode=tree\u0026ruleFocus=1505994646253"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Arbitrary command execution in Gerapy",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32849",
"STATE": "PUBLIC",
"TITLE": "Arbitrary command execution in Gerapy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gerapy",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0.9.9",
"version_value": "0.9.9"
}
]
}
}
]
},
"vendor_name": "Gerapy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2021-076-gerapy/",
"refsource": "MISC",
"url": "https://securitylab.github.com/advisories/GHSL-2021-076-gerapy/"
},
{
"name": "https://github.com/Gerapy/Gerapy/security/advisories/GHSA-756h-r2c9-qp5j",
"refsource": "CONFIRM",
"url": "https://github.com/Gerapy/Gerapy/security/advisories/GHSA-756h-r2c9-qp5j"
},
{
"name": "https://github.com/Gerapy/Gerapy/issues/197",
"refsource": "MISC",
"url": "https://github.com/Gerapy/Gerapy/issues/197"
},
{
"name": "https://github.com/Gerapy/Gerapy/issues/217",
"refsource": "MISC",
"url": "https://github.com/Gerapy/Gerapy/issues/217"
},
{
"name": "https://lgtm.com/projects/g/Gerapy/Gerapy?mode=tree\u0026ruleFocus=1505994646253",
"refsource": "MISC",
"url": "https://lgtm.com/projects/g/Gerapy/Gerapy?mode=tree\u0026ruleFocus=1505994646253"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32849",
"datePublished": "2022-01-26T21:30:14.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2025-04-22T18:27:54.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43857 (GCVE-0-2021-43857)
Vulnerability from cvelistv5 – Published: 2021-12-27 18:30 – Updated: 2024-08-04 04:10
VLAI
Title
Gerapy may contain remote code execution vulnerability
Summary
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.
Severity
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/Gerapy/Gerapy/issues/219 | x_refsource_MISC |
| https://github.com/Gerapy/Gerapy/security/advisor… | x_refsource_CONFIRM |
| https://github.com/Gerapy/Gerapy/commit/49bcb19be… | x_refsource_MISC |
| http://packetstormsecurity.com/files/165459/Gerap… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Gerapy/Gerapy/issues/219"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Gerapy/Gerapy/security/advisories/GHSA-9w7f-m4j4-j3xw"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Gerapy/Gerapy/commit/49bcb19be5e0320e7e1535f34fe00f16a3cf3b28"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165459/Gerapy-0.9.7-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gerapy",
"vendor": "Gerapy",
"versions": [
{
"status": "affected",
"version": "\u003c 0.9.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-05T18:06:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Gerapy/Gerapy/issues/219"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Gerapy/Gerapy/security/advisories/GHSA-9w7f-m4j4-j3xw"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Gerapy/Gerapy/commit/49bcb19be5e0320e7e1535f34fe00f16a3cf3b28"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165459/Gerapy-0.9.7-Remote-Code-Execution.html"
}
],
"source": {
"advisory": "GHSA-9w7f-m4j4-j3xw",
"discovery": "UNKNOWN"
},
"title": "Gerapy may contain remote code execution vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43857",
"STATE": "PUBLIC",
"TITLE": "Gerapy may contain remote code execution vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gerapy",
"version": {
"version_data": [
{
"version_value": "\u003c 0.9.8"
}
]
}
}
]
},
"vendor_name": "Gerapy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Gerapy/Gerapy/issues/219",
"refsource": "MISC",
"url": "https://github.com/Gerapy/Gerapy/issues/219"
},
{
"name": "https://github.com/Gerapy/Gerapy/security/advisories/GHSA-9w7f-m4j4-j3xw",
"refsource": "CONFIRM",
"url": "https://github.com/Gerapy/Gerapy/security/advisories/GHSA-9w7f-m4j4-j3xw"
},
{
"name": "https://github.com/Gerapy/Gerapy/commit/49bcb19be5e0320e7e1535f34fe00f16a3cf3b28",
"refsource": "MISC",
"url": "https://github.com/Gerapy/Gerapy/commit/49bcb19be5e0320e7e1535f34fe00f16a3cf3b28"
},
{
"name": "http://packetstormsecurity.com/files/165459/Gerapy-0.9.7-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165459/Gerapy-0.9.7-Remote-Code-Execution.html"
}
]
},
"source": {
"advisory": "GHSA-9w7f-m4j4-j3xw",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43857",
"datePublished": "2021-12-27T18:30:10.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:10:17.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7698 (GCVE-0-2020-7698)
Vulnerability from cvelistv5 – Published: 2020-07-29 12:40 – Updated: 2024-09-17 00:11
VLAI
Title
Command Injection
Summary
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn’t being sanitized.
Severity
8.1 (High)
CWE
- Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-PYTHON-GERAPY-572470 | x_refsource_MISC |
| https://github.com/Gerapy/Gerapy/commit/e8446605e… | x_refsource_MISC |
Impacted products
Date Public
2020-07-29 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:41:01.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-GERAPY-572470"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Gerapy/Gerapy/commit/e8446605eb2424717418eae199ec7aad573da2d2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gerapy",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "0.9.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Snyk Security Team"
}
],
"datePublic": "2020-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn\u2019t being sanitized."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-29T12:40:12.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-GERAPY-572470"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Gerapy/Gerapy/commit/e8446605eb2424717418eae199ec7aad573da2d2"
}
],
"title": "Command Injection",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2020-07-29T12:36:02.297337Z",
"ID": "CVE-2020-7698",
"STATE": "PUBLIC",
"TITLE": "Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gerapy",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0"
},
{
"version_affected": "\u003c",
"version_value": "0.9.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Snyk Security Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn\u2019t being sanitized."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-PYTHON-GERAPY-572470",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PYTHON-GERAPY-572470"
},
{
"name": "https://github.com/Gerapy/Gerapy/commit/e8446605eb2424717418eae199ec7aad573da2d2",
"refsource": "MISC",
"url": "https://github.com/Gerapy/Gerapy/commit/e8446605eb2424717418eae199ec7aad573da2d2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7698",
"datePublished": "2020-07-29T12:40:12.518Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:11:35.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}