CVE-2013-2027
EPSS 0.02%Jython Improper Access Restrictions vulnerability
Published: 5/14/2022Modified: 4/28/2026
Also known as:DEBIAN-CVE-2013-2027
Description
Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
Affected packages (2)
- Debian/jythonfrom 0, < 2.7.1+repack-1
- Maven/org.python:jython-standalonefrom 0, < 2.7.2b3
References (10)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-2027
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-2027
- PATCHjython/frozen-mirror
- WEBhttp://advisories.mageia.org/MGASA-2015-0096.html
- WEBhttp://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=947949
- WEBhttps://github.com/jython/frozen-mirror/blob/b8d7aa4cee50c0c0fe2f4b235dd62922dd0f3f99/NEWS#L25C8-L25C15
- WEBhttps://github.com/jython/frozen-mirror/commit/053949e66d307168fd70b39725f4d3e6b642acc1
- WEBhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:158
- WEBhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html