{"id":"CVE-2021-32849","details":"Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds.","aliases":["GHSA-756h-r2c9-qp5j","PYSEC-2022-17"],"modified":"2026-07-08T05:59:19.028843165Z","published":"2022-01-26T22:15:07.903Z","related":["GHSA-756h-r2c9-qp5j"],"database_specific":{},"references":[{"type":"REPORT","url":"https://github.com/Gerapy/Gerapy/issues/197"},{"type":"REPORT","url":"https://github.com/Gerapy/Gerapy/issues/217"},{"type":"REPORT","url":"https://github.com/Gerapy/Gerapy/security/advisories/GHSA-756h-r2c9-qp5j"},{"type":"EVIDENCE","url":"https://lgtm.com/projects/g/Gerapy/Gerapy?mode=tree&ruleFocus=1505994646253"},{"type":"EVIDENCE","url":"https://securitylab.github.com/advisories/GHSL-2021-076-gerapy/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gerapy/gerapy","events":[{"introduced":"0"},{"fixed":"157fe7966876640414efbf126edddfcfb1ab6dfd"}],"database_specific":{"cpe":"cpe:2.3:a:gerapy:gerapy:*:*:*:*:*:*:*:*","source":"CPE_RANGE","extracted_events":[{"introduced":"0"},{"fixed":"0.9.9"}]}}],"versions":["v0.9.8","v0.9.7","v0.9.6","v0.9.6a1","v0.9.5","v0.9.4","v0.9.3","v0.9.3b1","v0.9.3a2","v0.9.3a1","v0.9.2","v0.9.2rc1","v0.9.1","v0.9.0","v0.8.8","v0.8.7","v0.8.6","v0.8.rc2","v0.8.6rc2","v0.8.5rc2","0.8.6-rc1","0.8.6-beta1","0.8.6-beta","v0.8.3","v0.8.2","v0.7.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32849.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}