Gerapy < 0.9.8 may cause remote code execution

High
Germey published GHSA-9w7f-m4j4-j3xw Dec 26, 2021

Package

gerapy (pip)

Affected versions

<0.9.8

Patched versions

0.9.8

Description

Impact

The project_configure function allows remote code execution in Gerapy < 0.9.8.

Patches

Patched in version 0.9.8. Upgrade with:

pip3 install -U gerapy
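
To confirm that an environment or a pinned requirements file is outside the affected range, the check below compares the installed gerapy version and any exact pins against 0.9.8. It is an added example, not part of the advisory or the Gerapy project; the function names are hypothetical and the sample requirement lines are constructed.

```python
import re
from importlib import metadata

FIXED = (0, 9, 8)  # first patched release, per the advisory
RELEASE = re.compile(r"\s*v?(\d+(?:\.\d+)*)")
PRE = re.compile(r"[.\-_]?(a|b|c|rc|alpha|beta|pre|preview|dev)", re.I)
PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*==\s*([^\s;#]+)")

def is_affected(version):
    """True if version < 0.9.8, False if >= 0.9.8, None if unparseable."""
    m = RELEASE.match(version)
    if not m:
        return None
    rel = tuple(int(p) for p in m.group(1).split("."))
    rel += (0,) * (len(FIXED) - len(rel))  # pad so "0.9" compares as 0.9.0
    if rel == FIXED and PRE.match(version[m.end():]):
        return True  # a pre-release of 0.9.8 sorts before the patched final
    return rel < FIXED

def scan_pins(lines):
    """Return (line number, version, affected) for each exact gerapy pin."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = PIN.match(line)
        # Package names compare case-insensitively with -, _ and . equivalent.
        if m and re.sub(r"[-_.]+", "-", m.group(1)).lower() == "gerapy":
            findings.append((n, m.group(2), is_affected(m.group(2))))
    return findings

def installed_status():
    """Return (version, affected) for the gerapy in this environment, or None."""
    try:
        version = metadata.version("gerapy")
    except metadata.PackageNotFoundError:
        return None
    return version, is_affected(version)

# Constructed sample in pip-freeze format; not taken from any real project.
SAMPLE = [
    "scrapy==2.5.1",
    "Gerapy==0.9.7  # constructed sample pin",
    "gerapy==0.9.8",
    "gerapy-plugin-x==1.0.0",
    "gerapy==0.9.8rc1",
]

if __name__ == "__main__":
    print("installed:", installed_status())
    for n, version, affected in scan_pins(SAMPLE):
        print(f"line {n}: gerapy {version} affected={affected}")
```

A result of None from is_affected means the version string could not be parsed and should be reviewed by hand.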

Severity

High

CVE ID

CVE-2021-43857

Weaknesses

No CWEs