CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2016-4000
https://notcve.org/view.php?id=CVE-2016-4000
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object. Jython ev versiones anteriores a la 2.7.1rc1, permite a los atacantes ejecutar código arbitrario a través de un objeto PyFunction serializado. • http://bugs.jython.org/issue2454 http://www.debian.org/security/2017/dsa-3893 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105647 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859 https://hg.python.org/jython/file/v2.7.1rc1/NEWS https://hg.python.org/jython/rev/d06e29d100c0 https://lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533%40%3Cdevnull.infra.apache.org%3E https://security-tracker.debi • CWE-502: Deserialization of Untrusted Data •