  1. TinkerPop
  2. TINKERPOP-2032

Update jython-standalone

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.3.3, 3.2.9
    • Fix Version/s: 3.4.0, 3.3.4, 3.2.10
    • Component/s: python
    • Labels: None

    Description

      https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451

      Overview
      org.python:jython-standalone
      Affected versions of this package are vulnerable to Arbitrary Code Execution by sending a serialized function to the deserializer, which in turn will execute the code.

      References
      CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4000
      Jython Bug Report
      Fix Commit: https://hg.python.org/jython/rev/d06e29d100c0

            People

              rdale Robert Dale
              rdale Robert Dale