Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.
{ "nvd_published_at": "2013-09-27T10:08:00Z", "cwe_ids": [ "CWE-94" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-08-29T19:01:27Z" }