Vulnerabilities > Graphite Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-27 | CVE-2022-4728 | Cross-site Scripting vulnerability in Graphite Project Graphite A vulnerability has been found in Graphite Web and classified as problematic. | 5.4 |
2022-12-27 | CVE-2022-4729 | Cross-site Scripting vulnerability in Graphite Project Graphite A vulnerability was found in Graphite Web and classified as problematic. | 5.4 |
2022-12-27 | CVE-2022-4730 | Cross-site Scripting vulnerability in Graphite Project Graphite A vulnerability was found in Graphite Web. | 5.4 |
2019-10-11 | CVE-2017-18638 | Server-Side Request Forgery (SSRF) vulnerability in Graphite Project Graphite send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. | 5.0 |
2013-09-27 | CVE-2013-5943 | Cross-Site Scripting vulnerability in Graphite Project Graphite Multiple cross-site scripting (XSS) vulnerabilities in Graphite before 0.9.11 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-09-27 | CVE-2013-5942 | Code Injection vulnerability in Graphite Project Graphite Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093. | 6.8 |
2013-09-27 | CVE-2013-5093 | Code Injection vulnerability in Graphite Project Graphite The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object. | 6.8 |