Vulnerability Description
Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gerapy | Gerapy | < 0.9.9 |
Related Weaknesses (CWE)
References
- https://github.com/Gerapy/Gerapy/issues/197Issue TrackingThird Party Advisory
- https://github.com/Gerapy/Gerapy/issues/217Issue TrackingThird Party Advisory
- https://github.com/Gerapy/Gerapy/security/advisories/GHSA-756h-r2c9-qp5jExploitIssue TrackingThird Party Advisory
- https://lgtm.com/projects/g/Gerapy/Gerapy?mode=tree&ruleFocus=1505994646253ExploitThird Party Advisory
- https://securitylab.github.com/advisories/GHSL-2021-076-gerapy/ExploitThird Party Advisory
- https://github.com/Gerapy/Gerapy/issues/197Issue TrackingThird Party Advisory
- https://github.com/Gerapy/Gerapy/issues/217Issue TrackingThird Party Advisory
- https://github.com/Gerapy/Gerapy/security/advisories/GHSA-756h-r2c9-qp5jExploitIssue TrackingThird Party Advisory
- https://lgtm.com/projects/g/Gerapy/Gerapy?mode=tree&ruleFocus=1505994646253ExploitThird Party Advisory
- https://securitylab.github.com/advisories/GHSL-2021-076-gerapy/ExploitThird Party Advisory
FAQ
What is CVE-2021-32849?
CVE-2021-32849 is a vulnerability with a CVSS score of 8.8 (HIGH). Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workaroun...
How severe is CVE-2021-32849?
CVE-2021-32849 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32849?
Check the references section above for vendor advisories and patch information. Affected products include: Gerapy Gerapy.