9 matches found
EUVD-2022-0113
Malicious code in bioql PyPI...
Remote Code Execution (RCE)
gerapy is vulnerable to remote code execution. An attacker can inject and execute malicious commands through the projectconfigure function of views.py...
PYSEC-2022-228
An Access Control vulnerability exists in Gerapy v 0.9.7 via the spider parameter in projectconfigure function...
Command injection in Gerapy
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...
GHSA-G57J-Q48P-9VM2 Command injection in Gerapy
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...
CVE-2020-7698
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...
Input validation
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...
CVE-2020-7698
CVE-2020-7698 affects the Gerapy package (versions from 0 up to but not including 0.9.3). The vulnerability is a command injection: user input processed by the project_configure endpoint is passed to Popen without proper sanitization, enabling potential remote/external execution. Connected documents corroborat...
CVE-2020-7698 Command Injection
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...