Title: a security issue in jython
Type: security Severity: critical
Components: Any Versions: Jython 2.7
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: fwierzbicki, jeff.allen, redrain
Priority: Keywords:

Created on 2016-04-13.02:32:47 by redrain, last changed 2018-02-25.09:02:25 by jeff.allen.

msg10833 (view) Author: redrain (redrain) Date: 2016-04-13.02:32:46
i found a vulnerability about deserialization , but i didn't find any security issue reporting email address.
i want to know the best way to report this vunerability, create a open issue or email?
msg10834 (view) Author: redrain (redrain) Date: 2016-04-13.02:34:46
msg11710 (view) Author: Jeff Allen (jeff.allen) Date: 2018-02-25.09:02:25
Deserialization is the execution of arbitrary code from the source. Are we talking about pickle here or Java serialization? Anything not covered by:

Adding the PM as nosy.
Date User Action Args
2018-02-25 09:02:25jeff.allensetnosy: + jeff.allen, fwierzbicki
messages: + msg11710
milestone: Jython 2.7.0 ->
2016-04-13 02:40:27redrainsetseverity: normal -> critical
2016-04-13 02:34:46redrainsetmessages: + msg10834
2016-04-13 02:32:47redraincreate