Arbitrary Code Injection Affecting graphite-web package, versions [0.9.5,0.9.11)
Threat Intelligence
EPSS: 1.14% (85th percentile)
- Snyk ID SNYK-PYTHON-GRAPHITEWEB-40231
- published 7 Aug 2013
- disclosed 7 Aug 2013
- credit Unknown
Overview
graphite-web is an Enterprise scalable realtime graphing
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.
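The mitigation pattern for this class of bug, as an added example (not Graphite's code or its patch): an unpickler that rejects every global outside an allowlist, so plain series data loads and any reference to a callable is refused. The names `RestrictedUnpickler`, `safe_loads`, `is_rejected` and `ALLOWED_GLOBALS`, and all sample payloads, are hypothetical and constructed for illustration.

```python
import io
import os
import pickle
from collections import OrderedDict

# Assumed allowlist for this example: the only (module, name) pairs
# a pickle stream is permitted to reference.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not on the allowlist."""

    def find_class(self, module, name):
        # pickle calls find_class for every class or function the stream names;
        # this is the step that lets a crafted object reach arbitrary callables.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def safe_loads(data: bytes):
    """Deserialize bytes with the restricted unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """Return True when the restricted unpickler refuses the stream."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed samples (not captured from a real Graphite deployment).
SERIES = pickle.dumps([{"name": "web01.cpu.user", "start": 0, "end": 180,
                        "step": 60, "values": [0.5, None, 0.7]}])
ORDERED = pickle.dumps(OrderedDict(a=1))   # references an allowlisted class
CALLABLE_REF = pickle.dumps(os.getcwd)     # harmless reference to a function

if __name__ == "__main__":
    print(safe_loads(SERIES))               # plain data: loads normally
    print(safe_loads(ORDERED))              # allowlisted global: loads
    print(is_rejected(CALLABLE_REF))        # non-allowlisted global: refused
```

An allowlist narrows what a stream can reach but does not make pickle a safe format for untrusted input; authenticating the sender or using a data-only format such as JSON removes the problem at the source.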
References
CVSS Scores
version 3.1