Vulnerabilities > Jython Project

DATE CVE VULNERABILITY TITLE RISK
2017-07-06 CVE-2016-4000 Deserialization of Untrusted Data vulnerability in multiple products
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.
network
low complexity
jython-project debian CWE-502
critical
9.8
2015-02-13 CVE-2013-2027 Permissions, Privileges, and Access Controls vulnerability in multiple products
Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
local
low complexity
opensuse jython-project CWE-264
4.6