CVE-2021-32849
An authenticated user can execute arbitrary commands in Gerapy
CVSS 3.1: 8.8 (HIGH)
EPSS: 78.3%
Description
Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds.
How to fix CVE-2021-32849
To remediate CVE-2021-32849, upgrade the affected package to one of the fixed versions listed below.
- PyPI/gerapy—upgrade to 0.9.9 or later
- —upgrade to 0.9.9 or later
Is CVE-2021-32849 being exploited?
Likely — EPSS is 78.3%, placing CVE-2021-32849 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 0.9.9
- from 0, < 0.9.9
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |