56 matches found
Remote code execution
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8...
PYSEC-2021-867
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8...
CVE-2021-43857 Gerapy may contain remote code execution vulnerability
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8...
CVE-2021-43857
CVE-2021-43857 affects Gerapy, a distributed crawler management framework. Affected versions prior to 0.9.8 are vulnerable to remote code execution due to an OS command injection flaw in the spider/config flow. The issue is patched in version 0.9.8; users should upgrade to 0.9.8 or later to mitig...
Gerapy 操作系统命令注入漏洞
Gerapy is a distributed crawler management framework based on Scrapy, Scrapyd, Django and Vue.js. An operating system command injection vulnerability exists in versions prior to Gerapy 0.9.8, which stems from the software's lack of effective filtering and escaping of system commands, resulting in...
Gerapy Authentication Remote Command Execution Vulnerability
Gerapy is a crawler framework based on the Scrapy Scrapyd Scrapyd Client Scrapyd API Django. Gerapy authenticates remote command execution vulnerabilities, which can be exploited by attackers to gain control of the server...
GHSA-G57J-Q48P-9VM2 Command injection in Gerapy
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...
Command injection in Gerapy
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...
CVE-2020-7698
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...
CVE-2020-7698
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...
Input validation
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...
PYSEC-2020-44
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...
PYSEC-2020-44
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...
CVE-2020-7698
CVE-2020-7698 affects the Gerapy package (versions 0 through before 0.9.3). The vulnerability is a command injection: user input processed by the project_configure endpoint is passed to Popen without proper sanitization, enabling potential remote/external execution. Connected documents corroborat...
CVE-2020-7698 Command Injection
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...
Command Injection
Overview gerapy is a Distributed Crawler Management Framework Based on Scrapy, Scrapyd, Scrapyd-Client, Scrapyd-API, Django and Vue.js. Affected versions of this package are vulnerable to Command Injection. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...