Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/jython@2.7.3%2Brepack1-1?distro=trixie
purl pkg:deb/debian/jython@2.7.3%2Brepack1-1?distro=trixie
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.2
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-zxzn-25zt-ukct
Aliases:
CVE-2026-4786
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details. There are no reported fixed by versions.
Vulnerabilities fixed by this package (10)
Vulnerability Summary Aliases
VCID-1hw3-vhwb-nkcd Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. CVE-2024-12718
VCID-4afh-28ss-mudf Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. CVE-2025-4138
VCID-757r-fs6p-qqdd Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. CVE-2025-4517
VCID-8zdt-4q7m-t7ht Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. CVE-2025-4330
VCID-bn83-d2qp-9bfy cpython: Missing character filtering in Python CVE-2025-11468
VCID-eer2-83dz-ryea Jython Improper Access Restrictions vulnerability Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors. CVE-2013-2027
GHSA-9347-9w64-q5wp
VCID-q6g1-cjz3-77e4 cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435
VCID-v84j-ugn9-w3c8 python: XSS vulnerability in the documentation XML-RPC server in server_title field CVE-2019-16935
VCID-vkq3-8asa-77aj Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object. CVE-2016-4000
GHSA-6r7r-jj8h-pq6v
VCID-zxzn-25zt-ukct Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details. CVE-2026-4786

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-17T22:44:10.218468+00:00 Debian Importer Fixing VCID-zxzn-25zt-ukct https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-17T22:44:10.213494+00:00 Debian Importer Affected by VCID-zxzn-25zt-ukct https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:59:28.403749+00:00 Debian Importer Fixing VCID-8zdt-4q7m-t7ht https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:26:58.919863+00:00 Debian Importer Fixing VCID-q6g1-cjz3-77e4 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:31:38.892654+00:00 Debian Importer Fixing VCID-eer2-83dz-ryea https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:27:14.827492+00:00 Debian Importer Fixing VCID-1hw3-vhwb-nkcd https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:23:24.537941+00:00 Debian Importer Fixing VCID-vkq3-8asa-77aj https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:07:55.204950+00:00 Debian Importer Fixing VCID-757r-fs6p-qqdd https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:23:54.101788+00:00 Debian Importer Fixing VCID-bn83-d2qp-9bfy https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:21:16.286639+00:00 Debian Importer Fixing VCID-4afh-28ss-mudf https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:55:34.515036+00:00 Debian Importer Fixing VCID-8zdt-4q7m-t7ht https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:31:18.904207+00:00 Debian Importer Fixing VCID-q6g1-cjz3-77e4 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:51:24.950097+00:00 Debian Importer Fixing VCID-eer2-83dz-ryea https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:48:14.516355+00:00 Debian Importer Fixing VCID-1hw3-vhwb-nkcd https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:45:26.088135+00:00 Debian Importer Fixing VCID-vkq3-8asa-77aj https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:33:49.443657+00:00 Debian Importer Fixing VCID-757r-fs6p-qqdd https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:00:31.031442+00:00 Debian Importer Fixing VCID-bn83-d2qp-9bfy https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:14:55.096945+00:00 Debian Importer Fixing VCID-4afh-28ss-mudf https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:27:58.116216+00:00 Debian Importer Fixing VCID-757r-fs6p-qqdd https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:27:58.088936+00:00 Debian Importer Fixing VCID-q6g1-cjz3-77e4 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:27:58.061300+00:00 Debian Importer Fixing VCID-8zdt-4q7m-t7ht https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:27:58.033588+00:00 Debian Importer Fixing VCID-4afh-28ss-mudf https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:27:57.975855+00:00 Debian Importer Fixing VCID-bn83-d2qp-9bfy https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:27:57.947287+00:00 Debian Importer Fixing VCID-1hw3-vhwb-nkcd https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:27:57.921380+00:00 Debian Importer Fixing VCID-v84j-ugn9-w3c8 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:27:57.874678+00:00 Debian Importer Fixing VCID-vkq3-8asa-77aj https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:27:57.840115+00:00 Debian Importer Fixing VCID-eer2-83dz-ryea https://security-tracker.debian.org/tracker/data/json 38.1.0