Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2013-09-27T10:00:00Z
Updated: 2024-09-17T02:26:53.140Z
Reserved: 2013-09-27T00:00:00Z
Link: CVE-2013-5942
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2013-09-27T10:08:04.367
Modified: 2013-10-07T20:17:25.053
Link: CVE-2013-5942
Redhat
No data.