Arbitrary Code Execution via Unsafe Usage of Pickle in Graphite Web

Arbitrary Code Execution via Unsafe Usage of Pickle in Graphite Web

CVE-2013-5093 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.

Learn more about our Web App Pen Testing.