Incorrect Authorization
An Access Control vunerabiity exists in Gerapy v 0.9.7 via the spider parameter in project_configure function.
Advisories for Pypi/Gerapy package
2022
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Gerapy is a distributed crawler management framework. A flaw was found where an authenticated user could execute arbitrary commands
2021
Code Injection
Gerapy is a distributed crawler management framework. Gerapy is vulnerable to remote code execution.
2020
Injection Vulnerability
The Gerapy suffers from an OS command injection vulnerability. Unsanitized input is passed to Popen, via the project_configure endpoint.