VulnerableCode Package Details - pkg:deb/ubuntu/jython@2.1.0-23ubuntu2

Search for packages

Package details: pkg:deb/ubuntu/jython@2.1.0-23ubuntu2

Essentials
History (0)

purl	pkg:deb/ubuntu/jython@2.1.0-23ubuntu2

Next non-vulnerable version	2.5.3-1ubuntu0.1
Latest non-vulnerable version	2.5.3-9ubuntu0.1
Risk	4.5

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-7fcf-99zp-aaab Aliases: CVE-2013-2027 GHSA-9347-9w64-q5wp	Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.	2.5.3-1ubuntu0.1 Affected by 0 other vulnerabilities. 2.5.3-9ubuntu0.1 Affected by 0 other vulnerabilities.
VCID-s37h-9fw6-aaab Aliases: CVE-2016-4000 GHSA-6r7r-jj8h-pq6v	Deserialization Gadget This package allows attackers to execute arbitrary code via a crafted serialized PyFunction object.	2.5.3-1ubuntu0.1 Affected by 0 other vulnerabilities. 2.5.3-9ubuntu0.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-7fcf-99zp-aaab
Aliases:
CVE-2013-2027
GHSA-9347-9w64-q5wp

Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.

2.5.3-1ubuntu0.1
Affected by 0 other vulnerabilities.

2.5.3-9ubuntu0.1
Affected by 0 other vulnerabilities.

VCID-s37h-9fw6-aaab
Aliases:
CVE-2016-4000
GHSA-6r7r-jj8h-pq6v

Deserialization Gadget This package allows attackers to execute arbitrary code via a crafted serialized PyFunction object.

2.5.3-1ubuntu0.1
Affected by 0 other vulnerabilities.

2.5.3-9ubuntu0.1
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version