CVE-2013-5942
published 2013-09-27

Priority: P337, medium
CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
EPSS: 2.11% (79.4th percentile)

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.

Affected

7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | graphite-web | < graphite-web 0.9.12+debian-1 (bookworm) | graphite-web 0.9.12+debian-1 (bookworm) |
| graphite_project | graphite | | |
| graphite_project | graphite | | |
| graphite_project | graphite | | |
| graphite_project | graphite | | |
| graphite_project | graphite | | |
| graphite_project | graphite | | |

CVSS provenance

nvd: v2.0, 6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P
ghsa: 6.8 MEDIUM
osv: 6.8 MEDIUM
vendor_debian: 6.8 MEDIUM