Описание
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 0.9.12+debian-1 |
| lucid | DNE | |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| upstream | released | 0.9.12+debian-1 |
Показывать по
6.8 Medium
CVSS2
Связанные уязвимости
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, ...
graphite-web is vulnerable to Remote Code Execution
6.8 Medium
CVSS2