Описание
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
Ссылки
- Exploit
- Vendor Advisory
- Exploit
- Exploit
- ExploitPatch
- Exploit
- Exploit
- Vendor Advisory
- Exploit
- Exploit
- ExploitPatch
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:graphite_project:graphite:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:graphite_project:graphite:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:graphite_project:graphite:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:graphite_project:graphite:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:graphite_project:graphite:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:graphite_project:graphite:0.9.10:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.83612
Высокий
6.8 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
ubuntu
больше 12 лет назад
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
debian
больше 12 лет назад
The renderLocalView function in render/views.py in graphite-web in Gra ...
CVSS3: 9
github
больше 3 лет назад
graphite-web is vulnerable to Remote Code Execution via renderLocalView function
EPSS
Процентиль: 99%
0.83612
Высокий
6.8 Medium
CVSS2
Дефекты
CWE-94