CVE-2021-43857
Published 2021-12-27
Priority: P276 high; CVSS 3.1: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 55.33% (98.9th percentile)
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gerapy | gerapy | < 0.9.8 | 0.9.8 |
| gerapy | gerapy | >= 0 < 49bcb19be5e0320e7e1535f34fe00f16a3cf3b28 | 49bcb19be5e0320e7e1535f34fe00f16a3cf3b28 |
| gerapy | gerapy | >= 0 < 0.9.8 | 0.9.8 |
Detection & IOCs
- Monitor for authenticated POST requests to the Gerapy API endpoint /api/project/<id>/parse — this is the sink where the RCE payload is delivered.
- Look for an Authorization header containing a bearer Token value on requests to /api/project/*/parse and /api/project/*/build, indicating an authenticated exploitation attempt.
- Exploitation requires valid credentials — the attacker must authenticate first to obtain a token before reaching the vulnerable /parse endpoint. Unauthenticated access alone is insufficient.
- The exploit targets Gerapy versions prior to 0.9.8 only; version 0.9.8 contains the patch. Ensure version detection is part of any scanning or triage workflow.
- The exploit requires at least one project to already exist in Gerapy (it enumerates the first project by name/ID). Instances with no configured projects may not be immediately exploitable via this specific PoC.
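A triage sketch for the monitoring points above, added here as an example and not taken from Gerapy or from the PoC. It assumes a reverse proxy in front of Gerapy that writes common/combined-format access logs; the sample lines are constructed. Such logs do not normally record the Authorization header, so the check keys on method and path, and a match is a lead for review, not proof of exploitation.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Common/combined log prefix: ip ident user [time] "METHOD target PROTO" status
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Endpoints named in the detection notes: /api/project/<id>/parse and /build.
ENDPOINT_RE = re.compile(r'^/api/project/[^/]+/(?P<action>parse|build)/?$')

def find_hits(lines):
    """Return one dict per POST to /api/project/<id>/parse or /build."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string and decode %-escapes before matching the path.
        path = unquote(urlsplit(m["target"]).path)
        ep = ENDPOINT_RE.match(path)
        if ep:
            hits.append({"ip": m["ip"], "ts": m["ts"], "action": ep["action"],
                         "status": int(m["status"]), "path": path})
    return hits

def summarize(hits):
    """Group hits per client IP; /parse is the sink, so count its 2xx replies."""
    by_ip = defaultdict(lambda: {"parse": 0, "build": 0, "parse_2xx": 0})
    for h in hits:
        row = by_ip[h["ip"]]
        row[h["action"]] += 1
        if h["action"] == "parse" and 200 <= h["status"] < 300:
            row["parse_2xx"] += 1
    return dict(by_ip)

# Constructed sample log lines (documentation address ranges, made-up project id).
SAMPLE = [
    '203.0.113.7 - - [27/Dec/2021:10:00:01 +0000] "POST /api/project/demo/parse HTTP/1.1" 200 512',
    '203.0.113.7 - - [27/Dec/2021:10:00:03 +0000] "POST /api/project/demo/build HTTP/1.1" 200 88',
    '198.51.100.4 - - [27/Dec/2021:10:01:00 +0000] "GET /api/project/demo/parse HTTP/1.1" 405 0',
    '198.51.100.4 - - [27/Dec/2021:10:02:00 +0000] "POST /api/project/demo/%70arse?x=1 HTTP/1.1" 401 27',
    '192.0.2.9 - - [27/Dec/2021:10:03:00 +0000] "POST /healthz HTTP/1.1" 200 2',
]

if __name__ == "__main__":
    for ip, row in summarize(find_hits(SAMPLE)).items():
        print(ip, row)
```

Successful (2xx) POSTs to /parse on an instance still running a version below 0.9.8 are the rows to review first.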
CVSS provenance
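| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |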
GHSA
Gerapy may cause remote code execution
ghsa·2022-01-06
CVE-2021-43857 [CRITICAL] CWE-78 Gerapy may cause remote code execution
### Impact
A remote code execution vulnerability exists in the project_configure function in Gerapy < 0.9.8.
### Patches
Patched in version 0.9.8, please install with:
```
pip3 install -U gerapy
```
OSV
Gerapy may cause remote code execution
osv·2022-01-06
CVE-2021-43857 [CRITICAL] Gerapy may cause remote code execution
OSV
CVE-2021-43857: Gerapy is a distributed crawler management framework
osv·2021-12-27
CVE-2021-43857 CVE-2021-43857: Gerapy is a distributed crawler management framework
- http://packetstormsecurity.com/files/165459/Gerapy-0.9.7-Remote-Code-Execution.html
- https://github.com/Gerapy/Gerapy/commit/49bcb19be5e0320e7e1535f34fe00f16a3cf3b28
- https://github.com/Gerapy/Gerapy/issues/219
- https://github.com/Gerapy/Gerapy/security/advisories/GHSA-9w7f-m4j4-j3xw
Published: 2021-12-27