GHSA-9347-9w64-q5wp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9347-9w64-q5wp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9347-9w64-q5wp/GHSA-9347-9w64-q5wp.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9347-9w64-q5wp
- Aliases
- Published
- 2022-05-14T02:05:10Z
- Modified
- 2024-12-02T05:48:21.443750Z
- Summary
- Jython Improper Access Restrictions vulnerability
- Details
-
Jython before 2.7.2b3 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
- Database specific
{ "nvd_published_at": "2015-02-13T15:59:00Z", "cwe_ids": [ "CWE-281" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-08-17T22:33:35Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2013-2027
- https://github.com/jython/frozen-mirror/commit/053949e66d307168fd70b39725f4d3e6b642acc1
- https://bugzilla.redhat.com/show_bug.cgi?id=947949
- https://github.com/jython/frozen-mirror/blob/b8d7aa4cee50c0c0fe2f4b235dd62922dd0f3f99/NEWS#L25C8-L25C15
- http://advisories.mageia.org/MGASA-2015-0096.html
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:158
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- jython/frozen-mirror
Affected packages
Maven / org.python:jython-standalone
Package
- Name
- org.python:jython-standalone
- View open source insights on deps.dev
- Purl
- pkg:maven/org.python/jython-standalone