CVE-2021-32849 is a high-severity OS Command Injection (CWE-78) vulnerability in Gerapy Gerapy. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 1.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds.
Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.