Lucene search
Veracode Vulnerability DatabaseVERACODE:33558HistoryJan 07, 2022 - 12:26 p.m.
Remote Code Execution (RCE)
2022-01-0712:26:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
remote code execution
gerapy
software vulnerability
command line
EPSS
0.041
Percentile
92.3%
gerapy is vulnerable to remote code execution. The use of string which can be controlled externally in a command line allows a malicious user to change the meaning of the command.
References
github.com/Gerapy/Gerapy/commit/98092528a72392447fef05539fadbc4a295e9d60
github.com/Gerapy/Gerapy/issues/197
github.com/Gerapy/Gerapy/issues/211
github.com/Gerapy/Gerapy/issues/217
github.com/Gerapy/Gerapy/security/advisories/GHSA-756h-r2c9-qp5j
lgtm.com/projects/g/Gerapy/Gerapy?mode=tree&ruleFocus=1505994646253
securitylab.github.com/advisories/GHSL-2021-076-gerapy/
Related
nvd
nvd
CVE-2021-32849
2022-01-26 22:15:07
githubexploit
githubexploit
Exploit for Command Injection in Gerapy
2021-11-29 06:39:27
Exploit for OS Command Injection in Gerapy
2022-04-25 06:44:46
cnvd
cnvd
Gerapy Authentication Remote Command Execution Vulnerability
2021-11-29 00:00:00
osv
osv
PYSEC-2022-17
2022-01-26 22:15:00
An authenticated user can execute arbitrary command in Gerapy
2022-01-06 23:48:50
CVE-2021-32849
2022-01-26 22:15:07
cvelist
cvelist
CVE-2021-32849 Arbitrary command execution in Gerapy
2022-01-26 21:30:14
cve
cve
CVE-2021-32849
2022-01-26 22:15:07
prion
prion
Command injection
2022-01-26 22:15:00
github
github
An authenticated user can execute arbitrary command in Gerapy
2022-01-06 23:48:50