VYPR
Critical severityNVD Advisory· Published Sep 27, 2013· Updated Jun 16, 2026

CVE-2013-5093

CVE-2013-5093

Description

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
graphite-webPyPI
>= 0.9.5, < 0.9.110.9.11

Affected products

7
  • cpe:2.3:a:graphite_project:graphite:0.9.10:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:graphite_project:graphite:0.9.10:*:*:*:*:*:*:*
    • cpe:2.3:a:graphite_project:graphite:0.9.5:*:*:*:*:*:*:*
    • cpe:2.3:a:graphite_project:graphite:0.9.6:*:*:*:*:*:*:*
    • cpe:2.3:a:graphite_project:graphite:0.9.7:*:*:*:*:*:*:*
    • cpe:2.3:a:graphite_project:graphite:0.9.8:*:*:*:*:*:*:*
    • cpe:2.3:a:graphite_project:graphite:0.9.9:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 0.9.5, < 0.9.11

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.