GitHub Advisory DatabaseGHSA-9W7F-M4J4-J3XWGerapy < 0.9.8 may cause remote code execution
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.036 Low
EPSS
Percentile
91.5%
Impact
project_configure function exist remote code execute in Gerapy < 0.9.8
Patches
Patched in version 0.9.8, please install with:
pip3 install -U gerapy
References
packetstormsecurity.com/files/165459/Gerapy-0.9.7-Remote-Code-Execution.html
github.com/advisories/GHSA-9w7f-m4j4-j3xw
github.com/Gerapy/Gerapy/commit/49bcb19be5e0320e7e1535f34fe00f16a3cf3b28
github.com/Gerapy/Gerapy/issues/219
github.com/Gerapy/Gerapy/security/advisories/GHSA-9w7f-m4j4-j3xw
github.com/pypa/advisory-database/tree/main/vulns/gerapy/PYSEC-2022-228.yaml
nvd.nist.gov/vuln/detail/CVE-2021-43857
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.036 Low
EPSS
Percentile
91.5%