VDB
KO
CRITICAL 9.8

GHSA-6r7r-jj8h-pq6v

Deserialization of Untrusted Data in Jython

Details

Jython before 2.7.1b3 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.

Are you affected?

Enter the version of the package you're using.

Affected packages

Maven / org.python:jython-standalone
Introduced in: 0 Fixed in: 2.7.1b3
Fix # pom.xml: bump <version>2.7.1b3</version> for org.python:jython-standalone
Maven / org.python:jython
Introduced in: 0 Fixed in: 2.7.1b3
Fix # pom.xml: bump <version>2.7.1b3</version> for org.python:jython

References