Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jython | Jython_project | 2.7.0 (including) | 2.7.0 (including) |
Jython | Ubuntu | devel | * |
Jython | Ubuntu | esm-apps/xenial | * |
Jython | Ubuntu | trusty | * |
Jython | Ubuntu | upstream | * |
Jython | Ubuntu | xenial | * |
Jython | Ubuntu | yakkety | * |
Jython | Ubuntu | zesty | * |