cbcvebase.
CVE-2021-43857
published 2021-12-27


Priority: P2 · 76 · high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Exploit: available
EPSS: 55.33% (98.9th percentile)
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.

Affected (3 ranges)

Vendor   Product   Version range                                        Fixed in
gerapy   gerapy    < 0.9.8                                              0.9.8
gerapy   gerapy    >= 0, < 49bcb19be5e0320e7e1535f34fe00f16a3cf3b28     49bcb19be5e0320e7e1535f34fe00f16a3cf3b28
gerapy   gerapy    >= 0, < 0.9.8                                        0.9.8

Detection & IOCs (extracted from sources)

URLs:
  /api/user/auth
  /api/project/index
  /api/project/{name}/build
  /api/project/{id}/parse
  • Monitor for authenticated POST requests to the Gerapy API endpoint /api/project/<id>/parse: this is the sink where the RCE payload is delivered.
  • Look for an Authorization header carrying a bearer Token value on requests to /api/project/*/parse and /api/project/*/build; together these indicate an authenticated exploitation attempt.
  • Exploitation requires valid credentials: the attacker must authenticate first to obtain a token before reaching the vulnerable /parse endpoint. Unauthenticated access alone is insufficient.
  • The exploit targets Gerapy versions prior to 0.9.8 only; version 0.9.8 contains the patch. Make version detection part of any scanning or triage workflow.
  • The exploit requires at least one project to already exist in Gerapy (it enumerates the first project by name/ID). Instances with no configured projects may not be immediately exploitable via this specific PoC.
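As an added example, not from the advisory or Gerapy's own code: a small triage script that applies the checks above to constructed access-log lines, grouping hits per client so the auth -> build -> parse chain stands out. The log format, client addresses and token values are assumed.

```python
import re
from collections import defaultdict

# Constructed sample lines (assumed format):
# <client> <method> <path> <status> "<Authorization header or ->"
SAMPLE_LOG = """\
203.0.113.5 POST /api/user/auth 200 "-"
203.0.113.5 GET /api/project/index 200 "Token 3f1a9c"
203.0.113.5 POST /api/project/demo/build 200 "Token 3f1a9c"
203.0.113.5 POST /api/project/1/parse 200 "Token 3f1a9c"
198.51.100.9 POST /api/project/7/parse 401 "-"
10.0.0.4 GET /api/project/index 200 "Token 77beef"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')
# Sinks named in the advisory: /api/project/<id>/parse and /api/project/<name>/build
SINK_RE = re.compile(r"^/api/project/[^/]+/(parse|build)$")
FIXED = (0, 9, 8)  # first patched release

def is_vulnerable_version(version):
    """True when a dotted Gerapy version string is older than 0.9.8."""
    return tuple(int(p) for p in version.split(".")) < FIXED

def triage(log_text):
    """One finding per client that POSTed to a sink: severity, whether a
    Token header was present, and whether the full auth -> parse chain was seen."""
    per_client = defaultdict(lambda: {"auth": False, "sinks": [], "token": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, method, path, _status, auth = m.groups()
        rec = per_client[client]
        if method == "POST" and path == "/api/user/auth":
            rec["auth"] = True
        elif method == "POST" and SINK_RE.match(path):
            rec["sinks"].append(path)
            rec["token"] = rec["token"] or auth.startswith("Token ")
    findings = {}
    for client, rec in per_client.items():
        if not rec["sinks"]:
            continue
        hit_parse = any(p.endswith("/parse") for p in rec["sinks"])
        if hit_parse and rec["token"]:
            severity = "high"    # authenticated POST to the RCE sink
        elif rec["token"]:
            severity = "medium"  # authenticated build step only
        else:
            severity = "low"     # no token: exploitation needs valid credentials
        findings[client] = {"severity": severity, "sinks": rec["sinks"],
                            "chain": rec["auth"] and hit_parse}
    return findings
```

Run `triage(SAMPLE_LOG)` and gate the result on `is_vulnerable_version()` for the instance's reported version; a high finding on a patched host is still worth a look, but on a pre-0.9.8 host it should page someone.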

CVSS provenance

NVD, CVSS v3.1: 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
NVD, CVSS v2.0: 6.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:P)