CVE-2016-4000

🗓️ 06 Jul 2017 16:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 105 Views

Jython before 2.7.1rc1 allows arbitrary code execution via crafted serialized PyFunction object

Reporter	Title	Published	Views	Family All 40
Circl	CVE-2016-4000	9 Jan 202411:41	–	circl
CNVD	Jython Arbitrary Code Execution Vulnerability	7 Jul 201700:00	–	cnvd
Cvelist	CVE-2016-4000	6 Jul 201716:00	–	cvelist
Debian	[SECURITY] [DLA 989-1] jython security update	18 Jun 201711:26	–	debian
Debian	[SECURITY] [DSA 3893-1] jython security update	22 Jun 201712:37	–	debian
Debian	[SECURITY] [DSA 3893-1] jython security update	22 Jun 201712:37	–	debian
Debian CVE	CVE-2016-4000	6 Jul 201716:00	–	debiancve
Tenable Nessus	Debian DLA-989-1 : jython security update	19 Jun 201700:00	–	nessus
Tenable Nessus	Debian DSA-3893-1 : jython - security update	23 Jun 201700:00	–	nessus
Tenable Nessus	GLSA-201710-28 : Jython: Arbitrary code execution	30 Oct 201700:00	–	nessus

NVD

Node

jython_project jythonMatch2.7.0

Node

debian debian_linuxMatch8.0

Source	Link
oracle	www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
security	www.security.gentoo.org/glsa/201710-28
lists	www.lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533%40%3Cdevnull.infra.apache.org%3E
oracle	www.oracle.com/security-alerts/cpujan2020.html
oracle	www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
security-tracker	www.security-tracker.debian.org/tracker/CVE-2016-4000
securityfocus	www.securityfocus.com/bid/105647
hg	www.hg.python.org/jython/rev/d06e29d100c0
oracle	www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
oracle	www.oracle.com/security-alerts/cpujul2020.html

13 May 2026 00:24Current

8.6High risk

Vulners AI Score8.6

CVSS 27.5

CVSS 39.8

EPSS0.12492

cve-2016-4000 jython arbitrary code execution pyfunction object security vulnerability