NVD

Id
40524  
Name
CVE-2013-5093  
Description
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2013-09-27  
Modified Date
2013-10-07  
Seq
2013-5093  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
205513 40524 CVE-2013-5093 http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/  View
205514 40524 CVE-2013-5093 27752  View
205515 40524 CVE-2013-5093 61894  View
205516 40524 CVE-2013-5093 https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst  View
205517 40524 CVE-2013-5093 https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/graphite_pickle_exec.rb  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
22759 JVNDB-2013-004334 Graphite の graphite-web の render/views.py における任意のコードを実行される脆弱性 Graphite の graphite-web の render/views.py 内の enderLocalView 関数は、危険な方法で pickle Python モジュールを使用するため、任意のコードを実行される脆弱性が存在します。 CVE-2013-5093 65035 CVE-2013-5093 40524 6.8 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-004334.html 2013-08-20 2013-09-30 View