Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Graphite ‘pickle.loads()’ 多个远程代码执行漏洞
Vulnerability Description
Graphite是一套使用Python语言编写、采用Django框架的企业级开源系统监控工具(数据绘图),它通过第三方工具或插件进行数据收集、统计,最后完成数据绘图。 Graphite 0.9.5至0.9.10版本中存在漏洞,该漏洞源于程序不安全地使用了备用Python模块。远程攻击者可借助与(1) remote_storage.py,(2) storage.py,(3) render/datalib.py,以及(4) whitelist/views.py有关的特制的序列化对象,从而利用该漏洞执行任意代码
CVSS Information
N/A
Vulnerability Type
N/A