CVE-2013-5093

Name of the Vulnerable Software and Affected Versions Graphite versions 0.9.5 through 0.9.10

Description The issue concerns the use of the pickle Python module in an unsafe manner by the renderLocalView function in render/views.py in graphite-web. This allows remote attackers to execute arbitrary code via a crafted serialized object.

Recommendations For Graphite versions 0.9.5 through 0.9.10, consider disabling the renderLocalView function in render/views.py until a patch is available. Restrict access to the render/views.py module to minimize the risk of exploitation. Avoid using the pickle Python module with untrusted input in the affected Graphite versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.