CVE-2013-2027 – org.python:jython-standalone

Package

Manager: maven
Name: org.python:jython-standalone
Vulnerable Version: >=0 <2.7.2b3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

EPSS: 0.00017 pctl0.02855

Details

Jython Improper Access Restrictions vulnerability Jython before 2.7.2b3 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.

Metadata

Created: 2022-05-14T02:05:10Z
Modified: 2023-08-17T22:33:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9347-9w64-q5wp/GHSA-9347-9w64-q5wp.json
CWE IDs: ["CWE-281"]
Alternative ID: GHSA-9347-9w64-q5wp
Finding: F159
Auto approve: 1