PyPI package
graphite-web
pkg:pypi/graphite-web
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-4730 | — | | | <= 1.1.10 | — | Dec 24, 2022 | A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been discl |
| CVE-2022-4729 | — | | | <= 1.1.10 | — | Dec 24, 2022 | A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the |
| CVE-2022-4728 | — | | | <= 1.1.10 | — | Dec 24, 2022 | A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the publi |
| CVE-2017-18638 | — | | | < 1.1.6 | 1.1.6 | Oct 11, 2019 | send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image f |
| CVE-2013-5942 | — | | | >= 0.9.5, < 0.9.11 | 0.9.11 | Sep 27, 2013 | Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerab |
| CVE-2013-5093 | — | | | >= 0.9.5, < 0.9.11 | 0.9.11 | Sep 27, 2013 | The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object. |