CVE-2021-32849

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32849

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32849.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-32849

Aliases

Related

GHSA-756h-r2c9-qp5j

Published

2022-01-26T22:15:07Z

Modified

2025-07-01T12:32:08.959783Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds.

References

Affected packages

Git / github.com/gerapy/gerapy

Affected ranges

Type: GIT
Repo: https://github.com/gerapy/gerapy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

157fe7966876640414efbf126edddfcfb1ab6dfd

Affected versions

0.*

0.8.5

0.8.6-beta

0.8.6-beta1

0.8.6-rc1

v0.*

v0.7.8

v0.8.2

v0.8.3

v0.8.4-rc2

v0.8.5rc2

v0.8.6

v0.8.6rc2

v0.8.7

v0.8.8

v0.8.rc2

v0.9.0

v0.9.1

v0.9.2

v0.9.2rc1

v0.9.3

v0.9.3a1

v0.9.3a2

v0.9.3b1

v0.9.4

v0.9.5

v0.9.6

v0.9.6a1

v0.9.7

v0.9.8