CVE-2021-43857

Опубликовано: 27 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.

Ссылки

http://packetstormsecurity.com/files/165459/Gerapy-0.9.7-Remote-Code-Execution.html
Exploit
Third Party Advisory
https://github.com/Gerapy/Gerapy/commit/49bcb19be5e0320e7e1535f34fe00f16a3cf3b28
Patch
Third Party Advisory
https://github.com/Gerapy/Gerapy/issues/219
Issue Tracking
Third Party Advisory
https://github.com/Gerapy/Gerapy/security/advisories/GHSA-9w7f-m4j4-j3xw
Third Party Advisory
http://packetstormsecurity.com/files/165459/Gerapy-0.9.7-Remote-Code-Execution.html
Exploit
Third Party Advisory
https://github.com/Gerapy/Gerapy/commit/49bcb19be5e0320e7e1535f34fe00f16a3cf3b28
Patch
Third Party Advisory
https://github.com/Gerapy/Gerapy/issues/219
Issue Tracking
Third Party Advisory
https://github.com/Gerapy/Gerapy/security/advisories/GHSA-9w7f-m4j4-j3xw
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gerapy:gerapy:*:*:*:*:*:*:*:*

Версия до 0.9.8 (исключая)

EPSS

Процентиль: 98%

0.4964

Средний

9.8 Critical

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78

NVD-CWE-noinfo

Связанные уязвимости

GHSA-9w7f-m4j4-j3xw

CVSS3: 9.8

github

около 4 лет назад

Gerapy may cause remote code execution

EPSS

Процентиль: 98%

0.4964

Средний

9.8 Critical

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78

NVD-CWE-noinfo