Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.
CPE | Name | Operator | Version |
---|---|---|---|
graphite-web | eq | 0.9.7 | |
graphite-web | eq | 0.9.8 | |
graphite-web | eq | 0.9.5 | |
graphite-web | eq | 0.9.9 | |
graphite-web | eq | 0.9.6 | |
graphite-web | eq | 0.9.7b | |
graphite-web | eq | 0.9.7c | |
graphite-web | eq | 0.9.10 |