Overview

org.python:jython-standalone Affected versions of this package are vulnerable to Arbitrary Code Execution by sending a serialized function to the deserializer, which in turn will execute the code.

References

CVE
Jython Bug Report
Fix Commit

Do your applications use this vulnerable package?

Credit: Alvaro Munoz, Christian Schneider
CVE: CVE-2016-4000
CWE: CWE-94
Snyk ID: SNYK-JAVA-ORGPYTHON-31451
Disclosed: 19 Jan, 2016
Published: 07 Jun, 2017