Fluid Attacks Database

Description

Jython Improper Access Restrictions vulnerability Jython before 2.7.2b3 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	jython	>=0 <2.7.1+repack-1	2.7.1+repack-1
maven	org.python:jython-standalone	>=0 <2.7.2b3	2.7.2b3
debian 14	jython	>=0 <2.7.1+repack-1	2.7.1+repack-1
debian 11	jython	>=0 <2.7.1+repack-1	2.7.1+repack-1
debian 12	jython	>=0 <2.7.1+repack-1	2.7.1+repack-1
rpm rhel6	jython	-	-

Aliases

1. CVE-2013-20272. NVD-2013-20273. OSV-DEBIAN-2013-20274. OSV-2013-20275. GCVE-2013-20276. SECURITY-TRACKER-CVE-2013-2027

References

1. https://github.com/jython/frozen-mirror/commit/053949e66d307168fd70b39725f4d3e6b642acc12. https://bugzilla.redhat.com/show_bug.cgi?id=9479493. https://github.com/jython/frozen-mirror/blob/b8d7aa4cee50c0c0fe2f4b235dd62922dd0f3f99/NEWS#L25C8-L25C154. http://advisories.mageia.org/MGASA-2015-0096.html5. http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html6. http://www.mandriva.com/security/advisories?name=MDVSA-2015:1587. http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html