CVE-2013-2027 — Jython Improper Access Restrictions vulnerability

Description

Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.

How to fix CVE-2013-2027

To remediate CVE-2013-2027, upgrade the affected package to a fixed version below.

Debian/jython—upgrade to 2.7.1+repack-1 or later
Maven/org.python:jython-standalone—upgrade to 2.7.2b3 or later

Is CVE-2013-2027 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 2.7.1+repack-1
from 0, < 2.7.2b3

References (10)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-2027
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-2027
PATCHjython/frozen-mirror
WEBadvisories.mageia.org/MGASA-2015-0096.html
WEBlists.opensuse.org/opensuse-updates/2015-02/msg00055.html