Java and Python contain similar security flaws that allow an attacker to bypass firewalls by injecting malicious commands inside FTP URLs. Both issues remain unpatched. The FTP protocol injection issue was first detailed by Russian security lab ONsec in 2014, but never got the public attention it needed. At the heart of the issue resides an older issue in the FTP protocol itself, which is classic mode FTP. The attack relies on convincing users to access a malicious Java or Python applications installed on a server.
Source: https://www.bleepingcomputer.com/news/security/java-and-python-contain-security-flaws-that-allow-attackers-to-bypass-firewalls/