Описание
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 0.9.12+debian-1 |
| lucid | DNE | |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| upstream | released | 0.9.11, 0.9.12 |
Показывать по
10
EPSS
Процентиль: 99%
0.83612
Высокий
6.8 Medium
CVSS2
Связанные уязвимости
nvd
больше 12 лет назад
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
debian
больше 12 лет назад
The renderLocalView function in render/views.py in graphite-web in Gra ...
CVSS3: 9
github
больше 3 лет назад
graphite-web is vulnerable to Remote Code Execution via renderLocalView function
EPSS
Процентиль: 99%
0.83612
Высокий
6.8 Medium
CVSS2