Lucene search
GoogleOSV:PYSEC-2013-3HistorySep 27, 2013 - 10:08 a.m.
PYSEC-2013-3
2013-09-2710:08:00
Google
osv.dev
10
0.969 High
EPSS
Percentile
99.7%
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
| CPE | Name | Operator | Version |
|---|---|---|---|
| graphite-web | eq | 0.9.7 | |
| graphite-web | eq | 0.9.8 | |
| graphite-web | eq | 0.9.5 | |
| graphite-web | eq | 0.9.9 | |
| graphite-web | eq | 0.9.6 | |
| graphite-web | eq | 0.9.7b | |
| graphite-web | eq | 0.9.7c | |
| graphite-web | eq | 0.9.10 |
References
ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/
secunia.com/advisories/54556
www.exploit-db.com/exploits/27752
www.osvdb.org/96436
www.securityfocus.com/bid/61894
github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst
github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/graphite_pickle_exec.rb
Related
nessus
nessus
Fedora 18 : graphite-web-0.9.12-1.fc18 (2013-15713)
2013-09-19 00:00:00
Fedora 19 : graphite-web-0.9.12-1.fc19 (2013-15710)
2013-09-19 00:00:00
openvas
openvas
Fedora Update for graphite-web FEDORA-2013-15710
2013-09-24 00:00:00
Fedora Update for graphite-web FEDORA-2013-15713
2013-09-24 00:00:00
Fedora Update for graphite-web FEDORA-2013-15713
2013-09-24 00:00:00
prion
prion
Authentication flaw
2013-09-27 10:08:00
Design/Logic Flaw
2013-09-27 10:08:00
Design/Logic Flaw
2013-09-23 19:55:00
github
github
graphite-web is vulnerable to Remote Code Execution via renderLocalView function
2022-05-17 05:03:05
graphite-web is vulnerable to Remote Code Execution
2022-05-17 05:03:05
debiancve
debiancve
CVE-2013-5093
2022-10-03 16:14:53
CVE-2013-5942
2022-10-03 16:14:55
cve
cve
checkpoint_advisories
checkpoint_advisories
Graphite Web Unsafe Module Handling Code Execution (CVE-2013-5093)
2013-10-27 00:00:00
zdt
zdt
Graphite Web Unsafe Pickle Handling Exploit
2013-08-21 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: graphite-web-0.9.12-1.fc18
2013-09-18 13:01:50
[SECURITY] Fedora 19 Update: graphite-web-0.9.12-1.fc19
2013-09-18 13:00:38
osv
osv
graphite-web is vulnerable to Remote Code Execution via renderLocalView function
2022-05-17 05:03:05
graphite-web is vulnerable to Remote Code Execution
2022-05-17 05:03:05
PYSEC-2013-34
2013-09-27 10:08:00
cvelist
cvelist
CVE-2013-5093
2022-10-03 16:14:53
CVE-2013-5942
2022-10-03 16:14:55
packetstorm
packetstorm
Graphite Web Unsafe Pickle Handling
2013-08-21 00:00:00
nvd
nvd
ubuntucve
ubuntucve
CVE-2013-5093
2013-09-27 00:00:00
CVE-2013-5942
2013-09-27 00:00:00
freebsd
freebsd
py-graphite-web -- Multiple vulnerabilities
2013-08-21 00:00:00