Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds.
CVSS Score
8.8
EPSS Score
0.756
Published
2022-01-26
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.
CVSS Score
9.8
EPSS Score
0.419
Published
2021-12-27
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn’t being sanitized.
CVSS Score
8.1
EPSS Score
0.004
Published
2020-07-29