CVE-2021-32849

Sažetak

Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds.

Reference

https://securitylab.github.com/advisories/GHSL-2021-076-gerapy/
https://github.com/Gerapy/Gerapy/issues/197
https://github.com/Gerapy/Gerapy/security/advisories/GHSA-756h-r2c9-qp5j
https://lgtm.com/projects/g/Gerapy/Gerapy?mode=tree&ruleFocus=1505994646253
https://github.com/Gerapy/Gerapy/issues/217

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

02-02-2022 - 19:32

Objavljeno

26-01-2022 - 22:15