CVE-2021-32849

HIGH EXPLOITED

Gerapy <0.9.9 - Command Injection

Title source: llm

Description

Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds.

Exploits (3)

nomisec WORKING POC 1 stars
by lowkey0808 · remote
https://github.com/lowkey0808/cve-2021-32849
nomisec SUSPICIOUS
by bb33bb · poc
https://github.com/bb33bb/CVE-2021-32849

Scores

CVSS v3 8.8
EPSS 0.7831
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-03-04
CWE CWE-78, CWE-77
Status published
Products (2)
gerapy/gerapy < 0.9.9
pypi/gerapy 0 - 0.9.9 (PyPI)
Published Jan 26, 2022
Tracked Since Feb 18, 2026