org.python:jython-standalone@2.7.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.python:jython-standalone package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Access Restriction Bypass

org.python:jython-standalone is a Python emulator written in 100% Pure Java, and seamlessly integrated with the Java platform. It thus allows you to run Python on any Java platform.

Affected versions of this package are vulnerable to Access Restriction Bypass: when it creates class cache files, it uses the current umask to set their permissions, which makes them world-writable. Exploiting this vulnerability allows local users to bypass intended access restrictions via unspecified vectors.

How to fix Access Restriction Bypass?

Upgrade org.python:jython-standalone to version 2.7.2b3 or higher.

[,2.7.2b3)
  • C
Arbitrary Code Execution

Affected versions of org.python:jython-standalone are vulnerable to Arbitrary Code Execution when a serialized function is sent to the deserializer, which in turn executes the code.

[,2.7.1b3)