Vulnerabilities > Jython Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-06 | CVE-2016-4000 | Deserialization of Untrusted Data vulnerability in multiple products Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object. | 9.8 |
2015-02-13 | CVE-2013-2027 | Permissions, Privileges, and Access Controls vulnerability in multiple products Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors. | 4.6 |