Arbitrary Code Execution in org.python:jython-standalone

Do your applications use this vulnerable package? Test your applications

Overview

org.python:jython-standalone Affected versions of this package are vulnerable to Arbitrary Code Execution by sending a serialized function to the deserializer, which in turn will execute the code.

References

CVE
Jython Bug Report
Fix Commit

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

Credit: Alvaro Munoz, Christian Schneider
CVE: CVE-2016-4000
CWE: CWE-94
Snyk ID: SNYK-JAVA-ORGPYTHON-31451
Disclosed: 19 Jan, 2016
Published: 07 Jun, 2017

Arbitrary Code Execution
Affecting org.python:jython-standalone artifact, versions [,2.7.1b3)

Overview

References

CVSS Score

Arbitrary Code Execution Affecting org.python:jython-standalone artifact, versions [,2.7.1b3)

Overview

References

Arbitrary Code Execution
Affecting org.python:jython-standalone artifact, versions [,2.7.1b3)