Lucene search
K

56 matches found

Prion
Prion
added 2021/12/27 7:15 p.m.14 views

Remote code execution

Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8...

6.5CVSS8.6AI score0.55331EPSS
Exploits7References4Affected Software1
OSV
OSV
added 2021/12/27 7:15 p.m.16 views

PYSEC-2021-867

Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8...

9.8CVSS5.6AI score0.55331EPSS
Exploits7References4
Cvelist
Cvelist
added 2021/12/27 6:30 p.m.25 views

CVE-2021-43857 Gerapy may contain remote code execution vulnerability

Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8...

9.8CVSS9.8AI score0.55331EPSS
Exploits7References4
CVE
CVE
added 2021/12/27 6:30 p.m.223 views

CVE-2021-43857

CVE-2021-43857 affects Gerapy, a distributed crawler management framework. Affected versions prior to 0.9.8 are vulnerable to remote code execution due to an OS command injection flaw in the spider/config flow. The issue is patched in version 0.9.8; users should upgrade to 0.9.8 or later to mitig...

9.8CVSS8.6AI score0.55331EPSS
Exploits7References4Affected Software1
CNNVD
CNNVD
added 2021/12/27 12:0 a.m.6 views

Gerapy 操作系统命令注入漏洞

Gerapy is a distributed crawler management framework based on Scrapy, Scrapyd, Django and Vue.js. An operating system command injection vulnerability exists in versions prior to Gerapy 0.9.8, which stems from the software's lack of effective filtering and escaping of system commands, resulting in...

9.8CVSS6.3AI score0.55331EPSS
Exploits7References8
CNVD
CNVD
added 2021/11/29 12:0 a.m.34 views

Gerapy Authentication Remote Command Execution Vulnerability

Gerapy is a crawler framework based on the Scrapy Scrapyd Scrapyd Client Scrapyd API Django. Gerapy authenticates remote command execution vulnerabilities, which can be exploited by attackers to gain control of the server...

9CVSS5.1AI score0.0765EPSS
Exploits1References1
OSV
OSV
added 2021/05/06 6:52 p.m.19 views

GHSA-G57J-Q48P-9VM2 Command injection in Gerapy

This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...

9.8CVSS9.5AI score0.01694EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2021/05/06 6:52 p.m.60 views

Command injection in Gerapy

This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...

9.8CVSS8.9AI score0.01694EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2020/07/29 1:15 p.m.15 views

CVE-2020-7698

This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...

9.8CVSS9.5AI score
Exploits0References2
NVD
NVD
added 2020/07/29 1:15 p.m.20 views

CVE-2020-7698

This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...

9.8CVSS8.5AI score0.01694EPSS
Exploits0References2
Prion
Prion
added 2020/07/29 1:15 p.m.17 views

Input validation

This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...

7.5CVSS9.4AI score0.01694EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/07/29 1:15 p.m.33 views

PYSEC-2020-44

This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...

9.8CVSS3.9AI score0.01694EPSS
Exploits0References3
PyPA
PyPA
added 2020/07/29 1:15 p.m.16 views

PYSEC-2020-44

This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...

9.8CVSS7AI score0.01694EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2020/07/29 12:40 p.m.74 views

CVE-2020-7698

CVE-2020-7698 affects the Gerapy package (versions 0 through before 0.9.3). The vulnerability is a command injection: user input processed by the project_configure endpoint is passed to Popen without proper sanitization, enabling potential remote/external execution. Connected documents corroborat...

9.8CVSS8.9AI score0.01694EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/07/29 12:40 p.m.25 views

CVE-2020-7698 Command Injection

This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...

8.1CVSS9.5AI score0.01694EPSS
Exploits0References2
Snyk
Snyk
added 2020/06/17 9:12 a.m.3 views

Command Injection

Overview gerapy is a Distributed Crawler Management Framework Based on Scrapy, Scrapyd, Scrapyd-Client, Scrapyd-API, Django and Vue.js. Affected versions of this package are vulnerable to Command Injection. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...

9.8CVSS6.9AI score0.01694EPSS
Exploits0References2
Rows per page
Query Builder