Skip to main content

Jython

2 CVEs product

Monthly

CVE-2016-4000 Maven CRITICAL PATCH GHSA Act Now

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.5%.

Deserialization RCE Jython Debian Linux
NVD
CVSS 3.0
9.8
EPSS
12.5%
CVE-2013-2027 Maven MEDIUM PATCH This Month

Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Opensuse Jython
NVD
CVSS 2.0
4.6
EPSS
0.0%
EPSS 12% CVSS 9.8
CRITICAL PATCH Act Now

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.5%.

Deserialization RCE Jython +1
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Opensuse Jython
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy