7 matches found
CVE-2017-18638
CVE-2017-18638 affects Graphite’s graphite-web send_email() in the composer/views.py path up to version 1.1.5. It allows SSRF: the Graphite web server can fetch arbitrary resources and embed the response in an image sent via email, enabling information exfiltration. The issue is fixed in Graphite...
CVE-2022-4730
Graphite-Web contains multiple cross-site scripting vulnerabilities in components including the Absolute Time Range Handler. CVE-2022-4730 (along with CVE-2022-4728 and CVE-2022-4729) affects graphite-web and could be exploited remotely. Debian reports these issues and provides a security update: ...
CVE-2022-4729
Graphite-Web is affected by CVE-2022-4729. The vulnerability involves cross-site scripting in the Template Name Handler, allowing remote exploitation. Debian and Ubuntu advisories list Graphite-Web as vulnerable and note XSS across multiple components (Cookie Handler, Template Name...
CVE-2022-4728
CVE-2022-4728 affects Graphite-Web, specifically the Cookie Handler component, enabling cross-site scripting via crafted inputs. It is triggered remotely and has public exploit information in the referenced sources. Affected/distributed advisori...
CVE-2013-5093
Graphite Web (graphite-web) versions 0.9.5–0.9.10 are affected by an unsafe use of pickle in renderLocalView (render/views.py) that enables remote code execution via a crafted serialized object. Connected advisories corroborate a remote code execution vulnerability in graphite-web involving the p...
CVE-2013-5942
CVE-2013-5942 affects Graphite Web 0.9.5–0.9.10 where the pickle module is used unsafely, enabling remote code execution via a crafted serialized object. The vulnerability involves multiple components (remote_storage.py, storage.py, render/datalib.py, whitelist/views.py). Connected advisories cor...
CVE-2013-5943
CVE-2013-5943 describes multiple cross-site scripting (XSS) vulnerabilities in the Graphite web project prior to version 0.9.11, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected sources confirm the affected component as Graphite web and speci...