CVE-2016-4000
https://notcve.org/view.php?id=CVE-2016-4000
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.
• http://bugs.jython.org/issue2454
• http://www.debian.org/security/2017/dsa-3893
• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
• http://www.securityfocus.com/bid/105647
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859
• https://hg.python.org/jython/file/v2.7.1rc1/NEWS
• https://hg.python.org/jython/rev/d06e29d100c0
• https://lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533%40%3Cdevnull.infra.apache.org%3E
• https://security-tracker.debi
• CWE-502: Deserialization of Untrusted Data
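The root cause here is CWE-502: a Java ObjectInputStream will instantiate whatever class descriptor the attacker puts in the stream, and a PyFunction carries executable code. The usual mitigation on the consuming side is to refuse every class that the application does not expect before it is even loaded. The following is an added example written for this page, not Jython's own code or its fix: an ObjectInputStream subclass that enforces an explicit allow-list in resolveClass() (and resolveProxyClass(), so dynamic proxies cannot smuggle in unlisted interfaces). It assumes a hypothetical service that only ever expects a java.util.ArrayList of strings; a java.util.HashMap stands in for org.python.core.PyFunction so the demo runs without Jython on the classpath.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;

/**
 * ObjectInputStream that admits only classes on an explicit allow-list.
 * The check runs in resolveClass(), i.e. before the class is loaded and
 * before any readObject()/readResolve() of the incoming type can execute.
 * (Added example; not part of Jython.)
 */
public final class SafeObjectInputStream extends ObjectInputStream {
    private final Set<String> allowed;

    public SafeObjectInputStream(InputStream in, Set<String> allowed) throws IOException {
        super(in);
        this.allowed = allowed;
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        String name = desc.getName();
        if (!allowed.contains(name)) {
            throw new InvalidClassException(name, "not on the deserialization allow-list");
        }
        return super.resolveClass(desc);
    }

    @Override
    protected Class<?> resolveProxyClass(String[] interfaces) throws IOException, ClassNotFoundException {
        // A proxy descriptor names interfaces rather than a class; hold them to the same list.
        for (String iface : interfaces) {
            if (!allowed.contains(iface)) {
                throw new InvalidClassException(iface, "proxy interface not on the deserialization allow-list");
            }
        }
        return super.resolveProxyClass(interfaces);
    }

    /** Deserialize bytes, admitting only the listed class names. */
    public static Object readAllowed(byte[] bytes, Set<String> allowed) throws IOException, ClassNotFoundException {
        try (SafeObjectInputStream in = new SafeObjectInputStream(new ByteArrayInputStream(bytes), allowed)) {
            return in.readObject();
        }
    }

    /** Plain Java serialization, used here only to build the demo streams. */
    static byte[] serialize(Serializable o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical service contract: the payload is a list of strings and nothing else.
        // java.lang.String needs no entry: strings are written as TC_STRING, not as class descriptors.
        Set<String> allowed = new HashSet<>(Arrays.asList("java.util.ArrayList"));

        byte[] expected = serialize(new ArrayList<>(Arrays.asList("alpha", "beta")));
        System.out.println("accepted: " + readAllowed(expected, allowed));

        // Any other class descriptor (org.python.core.PyFunction in the CVE; a HashMap here so the
        // demo needs no Jython) is refused in resolveClass(), before an instance exists.
        byte[] unexpected = serialize(new HashMap<String, String>());
        try {
            readAllowed(unexpected, allowed);
            System.out.println("BUG: unexpected class was deserialized");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.classname + " (" + e.getMessage() + ")");
        }
    }
}
```

On Java 9+ (and 8u121+) the same policy can be expressed without a subclass through java.io.ObjectInputFilter or the jdk.serialFilter system property; the resolveClass() override shown here works on the Java 7 runtimes Jython 2.7 still targets. Either way the list must be an allow-list: a deny-list that names PyFunction only moves the attacker to the next gadget class on the classpath.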
CVE-2013-2027
https://notcve.org/view.php?id=CVE-2013-2027
Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
• http://advisories.mageia.org/MGASA-2015-0096.html
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:158
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• https://bugzilla.redhat.com/show_bug.cgi?id=947949
• CWE-264: Permissions, Privileges, and Access Controls
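Relying on the umask means the mode of a cache file is 0666 minus whatever the invoking user's shell happened to mask off, so a permissive umask (002 or 000) leaves the file writable by other local users. The code below is an added example for this page, not Jython's code or its patch: it creates a cache file with an explicit 0600 mode (umask can only clear bits, never add them, so the request is safe at open time), then re-applies the mode with chmod, which ignores umask altogether, and it audits a directory for files that group or others may write. File and directory names are made up; it needs a POSIX filesystem, since the PosixFilePermission attributes are unsupported on Windows.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Stream;

import static java.nio.file.attribute.PosixFilePermission.*;

/**
 * Writing a cache file whose mode does not depend on the caller's umask,
 * plus an audit of an existing cache directory. POSIX filesystems only.
 * (Added example; not part of Jython.)
 */
public final class CacheFilePermissions {
    private static final Set<PosixFilePermission> OWNER_RW = EnumSet.of(OWNER_READ, OWNER_WRITE);

    /** Create or replace a cache file that only its owner can read or write. */
    static Path writeOwnerOnly(Path file, byte[] data) throws IOException {
        Files.deleteIfExists(file);
        // Request 0600 at open(2) time. umask can only remove permission bits,
        // so the file is never group- or world-accessible, not even briefly.
        Files.createFile(file, PosixFilePermissions.asFileAttribute(OWNER_RW));
        // chmod(2) is not subject to umask; this also repairs a file that was created looser.
        Files.setPosixFilePermissions(file, OWNER_RW);
        return Files.write(file, data);
    }

    /** Regular files under dir that group or others are allowed to modify. */
    static List<Path> writableByOthers(Path dir) throws IOException {
        List<Path> hits = new ArrayList<>();
        try (Stream<Path> walk = Files.walk(dir)) {
            for (Path p : (Iterable<Path>) walk::iterator) {
                if (!Files.isRegularFile(p)) {
                    continue;
                }
                Set<PosixFilePermission> mode = Files.getPosixFilePermissions(p);
                if (mode.contains(GROUP_WRITE) || mode.contains(OTHERS_WRITE)) {
                    hits.add(p);
                }
            }
        }
        return hits;
    }

    public static void main(String[] args) throws IOException {
        // Pass the real cache directory as args[0] to audit it; otherwise use a scratch directory.
        Path dir = args.length > 0 ? Paths.get(args[0]) : Files.createTempDirectory("cachedir-demo");

        // Vulnerable pattern (the one the CVE describes): no explicit mode, so the result is
        // 0666 & ~umask. Under umask 002 this is group-writable; under 000 anyone can rewrite it.
        Path loose = Files.write(dir.resolve("loose.idx"), new byte[] {1, 2, 3});
        Path tight = writeOwnerOnly(dir.resolve("tight.idx"), new byte[] {1, 2, 3});

        System.out.println("loose.idx " + PosixFilePermissions.toString(Files.getPosixFilePermissions(loose)));
        System.out.println("tight.idx " + PosixFilePermissions.toString(Files.getPosixFilePermissions(tight)));
        System.out.println("writable by group/others under " + dir + ": " + writableByOthers(dir));
    }
}
```

Run it twice, once after `umask 022` and once after `umask 002`: loose.idx changes from rw-r--r-- to rw-rw-r-- while tight.idx stays rw------- regardless. The temporary directory the demo falls back to is itself created 0700, so to reproduce the local-user exposure point it at a directory other accounts can traverse, which is the situation a shared Jython install's cache directory is in; the directory's own mode matters as much as the files' modes, since a writable directory lets another user replace a file outright.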