104 matches found

Positive Technologies
added 2022/12/24 12:0 a.m. · 3 views

PT-2022-28042 · Unknown +2 · Graphite Web +2

Name of the Vulnerable Software and Affected Versions: Graphite Web (affected versions not specified). Description: A problem has been found in Graphite Web that affects unknown code of the Cookie Handler component. This issue leads to cross-site scripting and can be initiated remotely. The exploit...

CVSS 7.5 · AI score 5.4 · EPSS 0.16948
Exploits 4 · References 34

Positive Technologies
added 2022/12/24 12:0 a.m. · 3 views

PT-2022-28044 · Unknown +2 · Graphite Web +2

Name of the Vulnerable Software and Affected Versions: Graphite Web (affected versions not specified). Description: A problem was found in Graphite Web. It affects an unknown function of the Absolute Time Range Handler component. The issue leads to cross-site scripting. It is possible to launch the...

CVSS 7.5 · AI score 5.3 · EPSS 0.16948
Exploits 4 · References 34

Debian CVE
added 2022/12/24 12:0 a.m. · 23 views

CVE-2022-4728

A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

CVSS 5.4 · AI score 5.2 · EPSS 0.00765
Exploits 1

Debian CVE
added 2022/12/24 12:0 a.m. · 26 views

CVE-2022-4730

A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

CVSS 5.4 · AI score 5.1 · EPSS 0.00765
Exploits 1

Debian CVE
added 2022/12/24 12:0 a.m. · 25 views

CVE-2022-4729

A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...

CVSS 5.4 · AI score 5.1 · EPSS 0.00733
Exploits 1

Cvelist
added 2022/12/24 12:0 a.m. · 22 views

CVE-2022-4729 Graphite Web Template Name cross site scripting

A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...

CVSS 3.5 · AI score 5.7 · EPSS 0.00733
Exploits 1 · References 4

Cvelist
added 2022/12/24 12:0 a.m. · 46 views

CVE-2022-4730 Graphite Web Absolute Time Range cross site scripting

A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

CVSS 3.5 · AI score 5.7 · EPSS 0.00765
Exploits 1 · References 4

OSV
added 2022/05/17 5:3 a.m. · 16 views

GHSA-CH3J-W953-HFCM graphite-web is vulnerable to Remote Code Execution

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remotestorage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093...

CVSS 10 · AI score 7.1 · EPSS 0.02106
Exploits 0 · References 4

OSV
added 2022/05/17 5:3 a.m. · 28 views

GHSA-M923-W2GJ-V43G graphite-web is vulnerable to Remote Code Execution via renderLocalView function

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...

CVSS 9.5 · AI score 7.1 · EPSS 0.38668
Exploits 5 · References 9

Github Security Blog
added 2022/05/17 5:3 a.m. · 18 views

graphite-web is vulnerable to Remote Code Execution via renderLocalView function

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...

CVSS 6.8 · AI score 7.4 · EPSS 0.38668
Exploits 5 · References 9 · Affected Software 1

Github Security Blog
added 2022/05/17 5:3 a.m. · 32 views

graphite-web is vulnerable to Remote Code Execution

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remotestorage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093...

CVSS 6.8 · AI score 7.4 · EPSS 0.02106
Exploits 0 · References 4 · Affected Software 1

RedhatCVE
added 2021/09/07 10:58 a.m. · 107 views

CVE-2017-18638

A flaw was found in graphite-web. The sendemail in the graphite-web/webapp/graphite/composer/views.py function is vulnerable to a Server-side request forgery (SSRF). This flaw allows an attacker to use the vulnerable SSRF endpoint to have the Graphite web server request any resource. An attacker ca...

CVSS 7.5 · AI score 3.4 · EPSS 0.16948
Exploits 1 · References 4

Veracode
added 2020/11/09 5:9 a.m. · 11 views

Open Redirection

graphite-web is vulnerable to open redirection. An attacker is able to redirect a legitimate user to a malicious website via the nextPage parameter...

AI score 3.1
Exploits 0

OSV
added 2019/10/29 10:39 a.m. · 4 views

SUSE-SU-2019:2803-1 Security update for graphite-web

This update for graphite-web fixes the following issues: - CVE-2017-18638: Fixed an SSRF vulnerability in sendemail bsc1154007...

CVSS 7.5 · AI score 7.5 · EPSS 0.16948
Exploits 1 · References 3

Github Security Blog
added 2019/10/25 1:55 p.m. · 35 views

graphite.composer.views.send_email vulnerable to SSRF

Impact: sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and the...

CVSS 7.5 · AI score 1.4 · EPSS 0.16948
Exploits 1 · References 10 · Affected Software 1

OpenVAS
added 2019/10/22 12:0 a.m. · 70 views

Debian: Security Advisory (DLA-1962-1)

The remote host is missing an update for the Debian...

CVSS 7.5 · AI score 7.5 · EPSS 0.16948
Exploits 1 · References 3

Tenable Nessus
added 2019/10/22 12:0 a.m. · 24 views

Debian DLA-1962-1 : graphite-web security update

The 'sendemail' function in graphite-web/webapp/graphite/composer/views.py in Graphite is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent...

CVSS 7.5 · AI score 6.6 · EPSS 0.16948
Exploits 1 · References 3

Debian
added 2019/10/21 2:15 p.m. · 116 views

[SECURITY] [DLA 1962-1] graphite-web security update

Package: graphite-web · Version: 0.9.12+debian-6+deb8u1 · CVE ID: CVE-2017-18638. The sendemail function in graphite-web/webapp/graphite/composer/views.py in Graphite is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource...

CVSS 7.5 · AI score 6.8 · EPSS 0.16948
Exploits 1

OSV
added 2019/10/21 12:0 a.m. · 19 views

DLA-1962-1 graphite-web - security update

Bulletin has no description...

CVSS 7.5 · AI score 7.3 · EPSS 0.16948
Exploits 1

Veracode
added 2019/10/18 2:46 a.m. · 27 views

Server-Side Request Forgery (SSRF)

graphite-web is vulnerable to server-side request forgery (SSRF). The sendemail function in graphite-web/webapp/graphite/composer/views.py can be used by an attacker to send a request on behalf of the Graphite web server. The corresponding response from the SSRF request is encoded into an image fil...

CVSS 7.5 · AI score 3.1 · EPSS 0.16948
Exploits 1 · References 7 · Affected Software 1