Graphite Has a Pickle Deserialization Vulnerability
Type of vulnerability: Insecure deserialization via Python's pickle module.

Who is impacted: Users of the Graphite graph database engine, versions before 0.2, who load database files from untrusted or third-party sources.

An attacker could craft a malicious database file that executes arbitrary code when the engine loads it. This is possible because the engine used pickle for serialization, and pickle is known to be unsafe for untrusted data: unpickling a stream can import and invoke arbitrary Python callables referenced in it, so loading a file is equivalent to running it.
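To make the loading problem concrete, here is an added example (not Graphite's own code) of a hypothetical pickle-based database loader in its vulnerable form beside a hardened form that blocks global resolution during unpickling, the mitigation the pickle documentation itself recommends when the format cannot be changed; the file contents are constructed inline.

```python
"""Vulnerable vs. restricted loading of a pickle-based database file (added example)."""
import collections
import io
import pickle

# (module, name) pairs that may be resolved while unpickling. A plain-data
# graph store needs none, so the allowlist stays empty in this example.
ALLOWED_GLOBALS = set()


class RestrictedUnpickler(pickle.Unpickler):
    """Every GLOBAL / STACK_GLOBAL opcode goes through find_class(), so
    overriding it is what stops a crafted file from importing and calling
    arbitrary callables while the database is being loaded."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def load_db_unsafe(data: bytes) -> dict:
    """The pattern the advisory describes: pickle.loads() on file contents."""
    return pickle.loads(data)  # anything referenced in the stream is imported


def load_db_restricted(data: bytes) -> dict:
    """Hardened loader: same on-disk format, but globals are rejected."""
    db = RestrictedUnpickler(io.BytesIO(data)).load()
    # Even with globals blocked, validate the shape before trusting the data.
    if not isinstance(db, dict) or not {"nodes", "edges"} <= set(db):
        raise ValueError("database file has unexpected structure")
    return db


# Constructed sample: the plain-data graph store such a file would hold.
SAMPLE_DB = {"nodes": {"a": {}, "b": {}}, "edges": [("a", "b")]}
SAFE_FILE = pickle.dumps(SAMPLE_DB)

# Constructed sample of a stream carrying a global reference. OrderedDict is
# harmless, but the restricted loader refuses any global the same way.
GLOBAL_FILE = pickle.dumps(collections.OrderedDict(SAMPLE_DB))


def demo():
    """Return (plain file loads correctly, global-bearing file is rejected)."""
    loads_ok = load_db_restricted(SAFE_FILE) == SAMPLE_DB
    try:
        load_db_restricted(GLOBAL_FILE)
        rejected = False
    except pickle.UnpicklingError:
        rejected = True
    return loads_ok, rejected


if __name__ == "__main__":
    print(demo())  # (True, True)
```

Note that the restricted loader still parses the full pickle stream; switching the file format to JSON or another data-only format removes the deserialization surface entirely and is the better long-term fix.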