The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2013-09-27T10:00:00Z
Updated: 2024-09-16T21:57:06.548Z
Reserved: 2013-08-08T00:00:00Z
Link: CVE-2013-5093
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2013-09-27T10:08:03.133
Modified: 2013-10-07T20:25:22.670
Link: CVE-2013-5093
Redhat
No data.