Vulnerability CVE-2021-43857


Published: 2021-12-27

Description:
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.

See advisories in our WLB2 database:
Topic
Author
Date
High
Gerapy 0.9.7 Remote Code Execution
Jeremiasz Pluta
05.01.2022

Type:

CWE-78

(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

 References:
https://github.com/Gerapy/Gerapy/security/advisories/GHSA-9w7f-m4j4-j3xw
https://github.com/Gerapy/Gerapy/issues/219
https://github.com/Gerapy/Gerapy/commit/49bcb19be5e0320e7e1535f34fe00f16a3cf3b28

Copyright 2022, cxsecurity.com

 

Back to Top