gerapy
PyPI · 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting gerapy
- CVE-2020-7698 · HIGH · CVSS 8.1 · EG 8.1 · ✓ Fixed in 0.9.3 · 2020-07-29
vulnerable: 0.6.6 ... 0.9.3b1 (35 versions)
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn’t being sanitized.
- CVE-2021-32849 · HIGH · CVSS 8.8 · EG 8.8 · ✓ Fixed in 0.9.9 · 2022-01-26
vulnerable: 0.6.6 ... 0.9.8 (41 versions)
Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds.
- CVE-2021-43857 · CRITICAL · CVSS 9.8 · EG 9.8 · ✓ Fixed in 0.9.8 · 2021-12-27
vulnerable: 0.6.6 ... 0.9.7 (40 versions)
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.