Remote Code Execution Vulnerability in Graphite by Graphite Project
CVE-2013-5942

Currently unrated

Key Information:

Vendor: Graphite Project
Status: Graphite
Vendor: CVE Published:; 27 September 2013

🔔 Create Graphite Project Vulnerability Alert

What is CVE-2013-5942?

The Graphite Web application versions 0.9.5 through 0.9.10 contain a vulnerability due to the unsafe use of the pickle module in Python. This security weakness allows remote attackers to execute arbitrary code by sending a crafted serialized object to the application. Affected files related to this vulnerability include remote_storage.py, storage.py, render/datalib.py, and whitelist/views.py. It is crucial for users of these versions to understand the risks posed and apply the necessary updates to secure their systems.

References

https://github.com/graphite-project/graphite-web/blob/mas...

x_refsource_CONFIRM

http://secunia.com/advisories/54556

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 27, 2013

CVE-2013-5942 Data

JSON