CVE-2021-32849

Опубликовано: 26 янв. 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Высокий

Описание

Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds.

Ссылки

https://github.com/Gerapy/Gerapy/issues/197
Issue Tracking
Third Party Advisory
https://github.com/Gerapy/Gerapy/issues/217
Issue Tracking
Third Party Advisory
https://github.com/Gerapy/Gerapy/security/advisories/GHSA-756h-r2c9-qp5j
Exploit
Issue Tracking
Third Party Advisory
https://lgtm.com/projects/g/Gerapy/Gerapy?mode=tree&ruleFocus=1505994646253
Exploit
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2021-076-gerapy/
Exploit
Third Party Advisory
https://github.com/Gerapy/Gerapy/issues/197
Issue Tracking
Third Party Advisory
https://github.com/Gerapy/Gerapy/issues/217
Issue Tracking
Third Party Advisory
https://github.com/Gerapy/Gerapy/security/advisories/GHSA-756h-r2c9-qp5j
Exploit
Issue Tracking
Third Party Advisory
https://lgtm.com/projects/g/Gerapy/Gerapy?mode=tree&ruleFocus=1505994646253
Exploit
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2021-076-gerapy/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gerapy:gerapy:*:*:*:*:*:*:*:*

Версия до 0.9.9 (исключая)

EPSS

Процентиль: 99%

0.78306

Высокий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

CWE-77

Связанные уязвимости

GHSA-756h-r2c9-qp5j