CVE-2013-5093

2022-10-0316:14:53

CWE-94

[email protected]

web.nvd.nist.gov

cve-2013-5093

graphite

renderlocalview

graphite-web

nvd

security vulnerability

code execution

pickle python module

remote attack

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.969 High

EPSS

Percentile

99.7%

JSON

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.

Affected configurations

NVD

Node

graphite_projectgraphiteMatch0.9.5

graphite_projectgraphiteMatch0.9.6

graphite_projectgraphiteMatch0.9.7

graphite_projectgraphiteMatch0.9.8

graphite_projectgraphiteMatch0.9.9

graphite_projectgraphiteMatch0.9.10

CPENameOperatorVersion
graphite_project:graphitegraphite project graphiteeq0.9.5
graphite_project:graphitegraphite project graphiteeq0.9.6
graphite_project:graphitegraphite project graphiteeq0.9.7
graphite_project:graphitegraphite project graphiteeq0.9.8
graphite_project:graphitegraphite project graphiteeq0.9.9
graphite_project:graphitegraphite project graphiteeq0.9.10

CPE	Name	Operator	Version
graphite_project:graphite	graphite project graphite	eq	0.9.5
graphite_project:graphite	graphite project graphite	eq	0.9.6
graphite_project:graphite	graphite project graphite	eq	0.9.7
graphite_project:graphite	graphite project graphite	eq	0.9.8
graphite_project:graphite	graphite project graphite	eq	0.9.9
graphite_project:graphite	graphite project graphite	eq	0.9.10