{"id":"PYSEC-2021-867","details":"Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.","aliases":["CVE-2021-43857","GHSA-9w7f-m4j4-j3xw"],"modified":"2023-11-08T04:07:14.715843Z","published":"2021-12-27T19:15:00Z","references":[{"type":"ADVISORY","url":"https://github.com/Gerapy/Gerapy/security/advisories/GHSA-9w7f-m4j4-j3xw"},{"type":"REPORT","url":"https://github.com/Gerapy/Gerapy/issues/219"},{"type":"FIX","url":"https://github.com/Gerapy/Gerapy/commit/49bcb19be5e0320e7e1535f34fe00f16a3cf3b28"},{"type":"WEB","url":"http://packetstormsecurity.com/files/165459/Gerapy-0.9.7-Remote-Code-Execution.html"}],"affected":[{"package":{"name":"gerapy","ecosystem":"PyPI","purl":"pkg:pypi/gerapy"},"ranges":[{"type":"GIT","repo":"https://github.com/Gerapy/Gerapy","events":[{"introduced":"0"},{"fixed":"49bcb19be5e0320e7e1535f34fe00f16a3cf3b28"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.8"}]}],"versions":["0.6.6","0.6.7","0.6.8","0.6.9","0.7.0","0.7.1","0.7.2","0.7.3","0.7.6","0.7.7","0.7.8","0.7.9","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4rc2","0.8.5","0.8.5rc2","0.8.6","0.8.6a0","0.8.6b0","0.8.6b1","0.8.6rc1","0.8.6rc2","0.8.7","0.8.8","0.9.0","0.9.1","0.9.2","0.9.2a0","0.9.2rc1","0.9.3","0.9.3a1","0.9.3a2","0.9.3b1","0.9.5","0.9.6","0.9.6a1","0.9.7"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/gerapy/PYSEC-2021-867.yaml"}}],"schema_version":"1.7.3"}