UNKNOWN Maven
Jython Improper Access Restrictions vulnerability
GHSA-9347-9w64-q5wp · CVE-2013-2027
Published · Modified
Description
Jython before 2.7.2b3 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-2027
- WEB https://github.com/jython/frozen-mirror/commit/053949e66d307168fd70b39725f4d3e6b642acc1
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=947949
- WEB https://github.com/jython/frozen-mirror/blob/b8d7aa4cee50c0c0fe2f4b235dd62922dd0f3f99/NEWS#L25C8-L25C15
- WEB http://advisories.mageia.org/MGASA-2015-0096.html
- WEB http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html
- WEB http://www.mandriva.com/security/advisories?name=MDVSA-2015:158
- WEB http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- PACKAGE jython/frozen-mirror
Ready to move
Start Securing
Free, no credit card | First findings in minutes