Remote Code Execution Vulnerability in Graphite by MetricFire
CVE-2013-5093

Currently unrated

Key Information:

Vendor: Graphite Project
Status: Graphite
Vendor: CVE Published:; 27 September 2013

🔔 Create Graphite Project Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 83%

What is CVE-2013-5093?

The renderLocalView function in render/views.py of Graphite version 0.9.5 through 0.9.10 utilizes the Python pickle module in an unsafe manner, which could result in remote code execution. This vulnerability allows attackers to craft a serialized object that, when processed by the vulnerable function, can lead to arbitrary code execution on the server, putting sensitive data and system integrity at risk. It's critical for users to upgrade to a patched version to mitigate this threat.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2013-5093 - Proof of Concept

References

http://ceriksen.com/2013/08/20/graphite-remote-code-execu...

x_refsource_MISC

http://www.exploit-db.com/exploits/27752

exploitx_refsource_EXPLOIT-DB

https://github.com/graphite-project/graphite-web/blob/mas...

x_refsource_CONFIRM

EPSS Score

83% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
🟡
Public PoC available
Sep 27, 2013
👾
Exploit known to exist
Sep 27, 2013
Vulnerability published
Sep 27, 2013

CVE-2013-5093 Data

JSON