osv Google OSV:GHSA-6R7R-JJ8H-PQ6V
May 13, 2022 - 1:25 a.m.

Deserialization of Untrusted Data in Jython

2022-05-13 01:25:20
Google
osv.dev
jython
untrusted data
deserialization
pyfunction
arbitrary code
security vulnerability

EPSS: 0.013

Percentile: 85.7%

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.
