Deserialization of Untrusted Data
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.
Advisories for Maven/Org.python/Jython package
2022
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.