6 matches found
EUVD-2022-3281
Malicious code in bioql PyPI...
SUSE CVE-2016-4000
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object...
cn.hutool:hutool-script (=5.2.5), cn.structured:structure-function-context (=1.0.2) +211 more potentially affected by CVE-2016-4000 via org.python:jython (>=2.2 <=2.7.0)
org.python:jython MAVEN version =2.2, =1.0.1, =1.0.1, =7.12.0, =1.0.110-RELEASE, =1.0.111-RELEASE, =1.0.111-RELEASE, =1.1.0-RELEASE, =1.0.111-RELEASE, =1.0.111-RELEASE, =1.1.24-RELEASE - com.ahome-it:ahome-tooling-server-vaadin-core =1.0.112-RELEASE - com.alibaba.graphscope:grape-demo =0.18.1 -...
CVE-2016-4000
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object...
Remote Code Execution (RCE)
Jython is vulnerable to remote code execution (RCE). A malicious user can send a serialized PyFunction object to the system that, when deserialized, causes arbitrary code to be executed...
CVE-2013-2027
Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors...