CVE-2013-5942

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
graphite_projectgraphite
0.9.5
graphite_projectgraphite
0.9.6
graphite_projectgraphite
0.9.7
graphite_projectgraphite
0.9.8
graphite_projectgraphite
0.9.9
graphite_projectgraphite
0.9.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
graphite-web
bookworm
1.1.8-2
fixed
sid
1.1.10-8
fixed
trixie
1.1.10-8
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
graphite-web
raring
dne
quantal
dne
precise
dne
lucid
dne
Common Weakness Enumeration
References
http://secunia.com/advisories/54556
https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst
http://secunia.com/advisories/54556
https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst