CVE-2013-5942
Published 2013-09-27
CVE-2013-5942: Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object…
Priority: P3 · 37 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 2.11% (79.4th percentile)
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | graphite-web | < graphite-web 0.9.12+debian-1 (bookworm) | graphite-web 0.9.12+debian-1 (bookworm) |
| graphite_project | graphite | — | — |
| graphite_project | graphite | — | — |
| graphite_project | graphite | — | — |
| graphite_project | graphite | — | — |
| graphite_project | graphite | — | — |
| graphite_project | graphite | — | — |
CVSS provenance
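| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| ghsa | — | 6.8 | MEDIUM | — |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | MEDIUM | — |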
OSV
graphite-web is vulnerable to Remote Code Execution
osv·2022-05-17·CVSS 6.8
CVE-2013-5942 [MEDIUM] graphite-web is vulnerable to Remote Code Execution
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.
GHSA
graphite-web is vulnerable to Remote Code Execution
ghsa·2022-05-17·CVSS 6.8
CVE-2013-5942 [MEDIUM] CWE-94 graphite-web is vulnerable to Remote Code Execution
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.
OSV
CVE-2013-5942: Graphite 0
osv·2013-09-27·CVSS 6.8
CVE-2013-5942 [MEDIUM] CVE-2013-5942: Graphite 0
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.
Debian
CVE-2013-5942: graphite-web - Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allo...
vendor_debian·2013·CVSS 6.8
CVE-2013-5942 [MEDIUM] CVE-2013-5942: graphite-web - Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allo...
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.
Scope: local
bookworm: resolved (fixed in 0.9.12+debian-1)
forky: resolved (fixed in 0.9.12+debian-1)
sid: resolved (fixed in 0.9.12+debian-1)
trixie: resolved (fixed in 0.9.12+debian-1)
No detection rules found.
No public exploits indexed.
Published: 2013-09-27