Access Restriction Bypass Affecting org.python:jython-standalone package, versions [,2.7.2b3)
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGPYTHON-5846222
- published 20 Aug 2023
- disclosed 14 May 2022
- credit Unknown
Introduced: 14 May 2022
CVE-2013-2027 Open this link in a new tabHow to fix?
Upgrade org.python:jython-standalone
to version 2.7.2b3 or higher.
Overview
org.python:jython-standalone is a Python emulator written in 100% Pure Java, and seamlessly integrated with the Java platform. It thus allows you to run Python on any Java platform.
Affected versions of this package are vulnerable to Access Restriction Bypass when it creates class cache files and uses the current umask
to set the privileges of the class cache files, which makes them to be world-writeable. Exploiting this vulnerability allows local users to bypass intended access restrictions via unspecified vectors.