Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05MzQ3LTl3NjQtcTV3cM4AAU-U
Jython Improper Access Restrictions vulnerability
Jython before 2.7.2b3 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
Permalink: https://github.com/advisories/GHSA-9347-9w64-q5wp
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05MzQ3LTl3NjQtcTV3cM4AAU-U
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 9 months ago
Identifiers: GHSA-9347-9w64-q5wp, CVE-2013-2027
References:
- https://nvd.nist.gov/vuln/detail/CVE-2013-2027
- https://bugzilla.redhat.com/show_bug.cgi?id=947949
- http://advisories.mageia.org/MGASA-2015-0096.html
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:158
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- https://github.com/jython/frozen-mirror/commit/053949e66d307168fd70b39725f4d3e6b642acc1
- https://github.com/jython/frozen-mirror/blob/b8d7aa4cee50c0c0fe2f4b235dd62922dd0f3f99/NEWS#L25C8-L25C15
- https://github.com/advisories/GHSA-9347-9w64-q5wp
Blast Radius: 0.0
Affected Packages
maven:org.python:jython-standalone
Dependent packages: 234
Dependent repositories: 1,311
Downloads:
Affected Version Ranges: < 2.7.2b3
Fixed in: 2.7.2b3
All affected versions: 2.5.1, 2.5.2, 2.5.3, 2.7.0, 2.7.1, 2.7.2-b2
All unaffected versions: 2.7.2, 2.7.3