MidnightBSD

Advisories for jython_project

CVE-2013-2027 MEDIUM

Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264

Products Affected

Vendor          Product   Version
opensuse        opensuse  13.1
jython_project  jython    2.2.1
opensuse        opensuse  13.2

CVE-2016-4000 HIGH

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502

Products Affected

Vendor          Product       Version
jython_project  jython        2.7.0
debian          debian_linux  8.0