Arbitrary Code Execution
Affecting org.python:jython-standalone artifact, versions [,2.7.1b3)
Overview
org.python:jython-standalone
Affected versions of this package are vulnerable to Arbitrary Code Execution: an attacker can send a serialized function to the deserializer, which will in turn execute the code.
CVSS Score
9.8 (high severity)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
- Credit: Alvaro Munoz, Christian Schneider
- CVE: CVE-2016-4000
- CWE: CWE-94
- Snyk ID: SNYK-JAVA-ORGPYTHON-31451
- Disclosed: 19 Jan, 2016
- Published: 07 Jun, 2017