PYSEC-2013-34

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/graphite-web/PYSEC-2013-34.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2013-34
Aliases
Published
2013-09-27T10:08:00Z
Modified
2023-11-01T04:45:17.083385Z
Summary
[none]
Details

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.

References

Affected packages

PyPI / graphite-web

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.9.5
Fixed
0.9.11

Affected versions

0.*

0.9.5
0.9.6
0.9.7b
0.9.7c
0.9.7
0.9.8
0.9.9
0.9.10