FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-graphite-web -- Multiple vulnerabilities

Affected packages
0.9.5 <= py26-graphite-web < 0.9.11
0.9.5 <= py27-graphite-web < 0.9.11
0.9.5 <= py31-graphite-web < 0.9.11
0.9.5 <= py32-graphite-web < 0.9.11
0.9.5 <= py33-graphite-web < 0.9.11

Details

VuXML ID e1f99d59-81aa-4662-bf62-c1076f5016c8
Discovery 2013-08-21
Entry 2013-09-30
Modified 2014-04-30

Graphite developers report:

This release contains several security fixes for cross-site scripting (XSS) as well as a fix for a remote-execution exploit in graphite-web (CVE-2013-5903).

References

CVE Name CVE-2013-5093
URL https://github.com/rapid7/metasploit-framework/pull/2260