Vulnerability Description
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Graphite Project | Graphite | 0.9.5 |
Related Weaknesses (CWE)
References
- http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-adviExploit
- http://secunia.com/advisories/54556Vendor Advisory
- http://www.exploit-db.com/exploits/27752Exploit
- http://www.osvdb.org/96436
- http://www.securityfocus.com/bid/61894Exploit
- https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_1ExploitPatch
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unixExploit
- http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-adviExploit
- http://secunia.com/advisories/54556Vendor Advisory
- http://www.exploit-db.com/exploits/27752Exploit
- http://www.osvdb.org/96436
- http://www.securityfocus.com/bid/61894Exploit
- https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_1ExploitPatch
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unixExploit
FAQ
What is CVE-2013-5093?
CVE-2013-5093 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a c...
How severe is CVE-2013-5093?
CVE-2013-5093 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5093?
Check the references section above for vendor advisories and patch information. Affected products include: Graphite Project Graphite.