CVE-2020-7698
HIGH
gerapy < 0.9.3 - OS Command Injection via project_configure Endpoint
Title source: llm
Description
This affects the package Gerapy from version 0 up to, but not including, 0.9.3. Input passed to Popen via the project_configure endpoint is not sanitized.
References (2)
Core References
Patch, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-PYTHON-GERAPY-572470
Patch, Third Party Advisory x_refsource_misc
https://github.com/Gerapy/Gerapy/commit/e8446605eb2424717418eae199ec7aad573da2d2
Scores
CVSS v3
8.1
EPSS
0.0169
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (2)
gerapy/gerapy
0.0.0 - 0.9.3
pypi/gerapy
0 - 0.9.3
PyPI
Published
Jul 29, 2020
Tracked Since
Feb 18, 2026