9.8

CVE-2016-4000

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jython ProjectJython Version2.7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.57% 0.93
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
http://bugs.jython.org/issue2454
Vendor Advisory
http://www.debian.org/security/2017/dsa-3893
Third Party Advisory
http://www.securityfocus.com/bid/105647
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859
Third Party Advisory
Mailing List
https://hg.python.org/jython/file/v2.7.1rc1/NEWS
Third Party Advisory
https://hg.python.org/jython/rev/d06e29d100c0
Patch
Third Party Advisory
https://lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533%40%3Cdevnull.infra.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2016-4000
Third Party Advisory
https://security.gentoo.org/glsa/201710-28
https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451
Third Party Advisory