Search for packages
| purl | pkg:deb/debian/jython@2.7.1%2Brepack1-4~deb10u1 |
| Next non-vulnerable version | 2.7.3+repack1-1 |
| Latest non-vulnerable version | 2.7.3+repack1-1 |
| Risk | 3.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-g2ay-gsja-aaaj
Aliases: CVE-2019-16935 |
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-7fcf-99zp-aaab | Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors. |
CVE-2013-2027
GHSA-9347-9w64-q5wp |
| VCID-s37h-9fw6-aaab | Deserialization Gadget This package allows attackers to execute arbitrary code via a crafted serialized PyFunction object. |
CVE-2016-4000
GHSA-6r7r-jj8h-pq6v |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-22T19:07:13.603087+00:00 | Debian Importer | Fixing | VCID-7fcf-99zp-aaab | None | 36.1.3 |
| 2025-06-21T22:43:11.744535+00:00 | Debian Importer | Affected by | VCID-g2ay-gsja-aaaj | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T17:54:29.618721+00:00 | Debian Oval Importer | Fixing | VCID-7fcf-99zp-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T12:03:25.669899+00:00 | Debian Oval Importer | Fixing | VCID-s37h-9fw6-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T02:39:40.078971+00:00 | Debian Importer | Affected by | VCID-g2ay-gsja-aaaj | None | 36.1.3 |
| 2025-06-21T01:14:16.991983+00:00 | Debian Oval Importer | Fixing | VCID-s37h-9fw6-aaab | None | 36.1.3 |
| 2025-06-20T23:41:14.043289+00:00 | Debian Oval Importer | Fixing | VCID-7fcf-99zp-aaab | None | 36.1.3 |
| 2025-06-08T10:26:17.641790+00:00 | Debian Oval Importer | Fixing | VCID-7fcf-99zp-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:11:54.597826+00:00 | Debian Oval Importer | Fixing | VCID-s37h-9fw6-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T18:36:56.737055+00:00 | Debian Oval Importer | Fixing | VCID-s37h-9fw6-aaab | None | 36.1.0 |
| 2025-06-07T17:04:08.961108+00:00 | Debian Oval Importer | Fixing | VCID-7fcf-99zp-aaab | None | 36.1.0 |
| 2025-04-12T22:35:56.490251+00:00 | Debian Oval Importer | Fixing | VCID-7fcf-99zp-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:38:49.804668+00:00 | Debian Oval Importer | Fixing | VCID-s37h-9fw6-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:07:25.944634+00:00 | Debian Oval Importer | Fixing | VCID-7fcf-99zp-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:42:51.413942+00:00 | Debian Oval Importer | Fixing | VCID-s37h-9fw6-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T17:14:42.823155+00:00 | Debian Oval Importer | Fixing | VCID-s37h-9fw6-aaab | None | 36.0.0 |
| 2025-04-07T15:37:30.049523+00:00 | Debian Oval Importer | Fixing | VCID-7fcf-99zp-aaab | None | 36.0.0 |
| 2025-04-06T11:16:50.120170+00:00 | Debian Importer | Fixing | VCID-7fcf-99zp-aaab | None | 36.0.0 |
| 2025-04-05T18:39:11.508441+00:00 | Debian Importer | Affected by | VCID-g2ay-gsja-aaaj | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-04T05:26:04.548068+00:00 | Debian Importer | Affected by | VCID-g2ay-gsja-aaaj | None | 36.0.0 |
| 2025-02-19T07:36:14.235675+00:00 | Debian Importer | Affected by | VCID-g2ay-gsja-aaaj | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-19T07:36:10.649263+00:00 | Debian Importer | Affected by | VCID-g2ay-gsja-aaaj | None | 35.1.0 |
| 2025-02-18T11:15:55.850476+00:00 | Debian Importer | Fixing | VCID-7fcf-99zp-aaab | None | 35.1.0 |
| 2024-12-08T13:59:55.670761+00:00 | Debian Oval Importer | Fixing | VCID-7fcf-99zp-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-10-15T06:05:09.500635+00:00 | Debian Oval Importer | Fixing | VCID-7fcf-99zp-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-10-05T04:16:20.211627+00:00 | Debian Oval Importer | Fixing | VCID-7fcf-99zp-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
| 2024-04-24T14:52:23.580641+00:00 | Debian Importer | Affected by | VCID-g2ay-gsja-aaaj | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T14:52:19.579528+00:00 | Debian Importer | Affected by | VCID-g2ay-gsja-aaaj | None | 34.0.0rc4 |
| 2024-04-24T08:28:25.105553+00:00 | Debian Importer | Fixing | VCID-7fcf-99zp-aaab | None | 34.0.0rc4 |
| 2024-01-10T17:35:12.194560+00:00 | Debian Importer | Affected by | VCID-g2ay-gsja-aaaj | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T17:35:08.123895+00:00 | Debian Importer | Affected by | VCID-g2ay-gsja-aaaj | None | 34.0.0rc2 |
| 2024-01-10T10:27:42.443810+00:00 | Debian Importer | Fixing | VCID-7fcf-99zp-aaab | None | 34.0.0rc2 |
| 2024-01-04T07:11:49.848091+00:00 | Debian Importer | Affected by | VCID-g2ay-gsja-aaaj | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T07:11:45.753636+00:00 | Debian Importer | Affected by | VCID-g2ay-gsja-aaaj | None | 34.0.0rc1 |
| 2024-01-04T02:52:59.638867+00:00 | Debian Importer | Fixing | VCID-7fcf-99zp-aaab | None | 34.0.0rc1 |