TinkerPop / TINKERPOP-2032

Update jython-standalone


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.3.3, 3.2.9
    • Fix Version/s: 3.4.0, 3.3.4, 3.2.10
    • Component/s: python
    • Labels:
      None

      Description

      https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451

      Overview
      org.python:jython-standalone
      Affected versions of this package are vulnerable to Arbitrary Code Execution by sending a serialized function to the deserializer, which in turn will execute the code.

      References
      CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4000
      Jython Bug Report
      Fix Commit: https://hg.python.org/jython/rev/d06e29d100c0


              People

              • Assignee: rdale Robert Dale
              • Reporter: rdale Robert Dale
