CVE-2013-5093

NONECVSS 0.0

0.0

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.

🔗 References (14)

cve@mitrehttp://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/
cve@mitrehttp://secunia.com/advisories/54556
cve@mitrehttp://www.exploit-db.com/exploits/27752
cve@mitrehttp://www.osvdb.org/96436
cve@mitrehttp://www.securityfocus.com/bid/61894
cve@mitrehttps://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst
cve@mitrehttps://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/graphite_pickle_exec.rb
af854a3a-2127-422b-91ae-364da2661108http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/54556
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/27752
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/96436
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/61894
af854a3a-2127-422b-91ae-364da2661108https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst
af854a3a-2127-422b-91ae-364da2661108https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/graphite_pickle_exec.rb

Is Your Infrastructure Affected by CVE-2013-5093?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-5093

📅 Published

🔄 Last Modified

🔗 References (14)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-5093?