Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-eer2-83dz-ryea

Summary

Jython Improper Access Restrictions vulnerability
Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.

Aliases

alias	CVE-2013-2027

alias	GHSA-9347-9w64-q5wp

Fixed_packages

url	pkg:deb/debian/jython@2.7.1%2Brepack-1?distro=trixie
purl	pkg:deb/debian/jython@2.7.1%2Brepack-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.1%252Brepack-1%3Fdistro=trixie

url	pkg:deb/debian/jython@2.7.1%2Brepack1-4~deb10u1
purl	pkg:deb/debian/jython@2.7.1%2Brepack1-4~deb10u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.1%252Brepack1-4~deb10u1

url pkg:deb/debian/jython@2.7.2%2Brepack1-3?distro=trixie

purl pkg:deb/debian/jython@2.7.2%2Brepack1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v84j-ugn9-w3c8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.2%252Brepack1-3%3Fdistro=trixie

url pkg:deb/debian/jython@2.7.3%2Brepack1-1?distro=trixie

purl pkg:deb/debian/jython@2.7.3%2Brepack1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zxzn-25zt-ukct

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.3%252Brepack1-1%3Fdistro=trixie

url	pkg:maven/org.python/jython-standalone@2.7.2b3
purl	pkg:maven/org.python/jython-standalone@2.7.2b3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.7.2b3

Affected_packages

url pkg:deb/debian/jython@2.1.0-2

purl pkg:deb/debian/jython@2.1.0-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.1.0-2

url pkg:deb/debian/jython@2.1.0-20

purl pkg:deb/debian/jython@2.1.0-20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.1.0-20

url pkg:deb/debian/jython@2.1.0-23

purl pkg:deb/debian/jython@2.1.0-23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.1.0-23

url pkg:deb/debian/jython@2.2.1-2

purl pkg:deb/debian/jython@2.2.1-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.2.1-2

url pkg:deb/debian/jython@2.5.1-2

purl pkg:deb/debian/jython@2.5.1-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.5.1-2

url pkg:deb/debian/jython@2.5.2-1

purl pkg:deb/debian/jython@2.5.2-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.5.2-1

url pkg:deb/debian/jython@2.5.3-3

purl pkg:deb/debian/jython@2.5.3-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.5.3-3

url pkg:deb/debian/jython@2.5.3-3%2Bdeb8u1

purl pkg:deb/debian/jython@2.5.3-3%2Bdeb8u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.5.3-3%252Bdeb8u1

url pkg:deb/debian/jython@2.5.3-16%2Bdeb9u1

purl pkg:deb/debian/jython@2.5.3-16%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.5.3-16%252Bdeb9u1

url pkg:maven/org.python/jython-standalone@2.5.1

purl pkg:maven/org.python/jython-standalone@2.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.5.1

url pkg:maven/org.python/jython-standalone@2.5.2

purl pkg:maven/org.python/jython-standalone@2.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.5.2

url pkg:maven/org.python/jython-standalone@2.5.3-rc1

purl pkg:maven/org.python/jython-standalone@2.5.3-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.5.3-rc1

url pkg:maven/org.python/jython-standalone@2.5.3

purl pkg:maven/org.python/jython-standalone@2.5.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.5.3

url pkg:maven/org.python/jython-standalone@2.5.4-rc1

purl pkg:maven/org.python/jython-standalone@2.5.4-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.5.4-rc1

url pkg:maven/org.python/jython-standalone@2.7-b1

purl pkg:maven/org.python/jython-standalone@2.7-b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.7-b1

url pkg:maven/org.python/jython-standalone@2.7-b2

purl pkg:maven/org.python/jython-standalone@2.7-b2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.7-b2

url pkg:maven/org.python/jython-standalone@2.7-b3

purl pkg:maven/org.python/jython-standalone@2.7-b3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.7-b3

url pkg:maven/org.python/jython-standalone@2.7-b4

purl pkg:maven/org.python/jython-standalone@2.7-b4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.7-b4

url pkg:maven/org.python/jython-standalone@2.7-rc1

purl pkg:maven/org.python/jython-standalone@2.7-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.7-rc1

url pkg:maven/org.python/jython-standalone@2.7-rc2

purl pkg:maven/org.python/jython-standalone@2.7-rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.7-rc2

url pkg:maven/org.python/jython-standalone@2.7-rc3

purl pkg:maven/org.python/jython-standalone@2.7-rc3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.7-rc3

url pkg:maven/org.python/jython-standalone@2.7.0

purl pkg:maven/org.python/jython-standalone@2.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.7.0

url pkg:maven/org.python/jython-standalone@2.7.1b1

purl pkg:maven/org.python/jython-standalone@2.7.1b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.7.1b1

url pkg:maven/org.python/jython-standalone@2.7.1b2

purl pkg:maven/org.python/jython-standalone@2.7.1b2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.7.1b2

url pkg:maven/org.python/jython-standalone@2.7.1b3

purl pkg:maven/org.python/jython-standalone@2.7.1b3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

vulnerability	VCID-vkq3-8asa-77aj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.7.1b3

url pkg:maven/org.python/jython-standalone@2.7.1-rc2

purl pkg:maven/org.python/jython-standalone@2.7.1-rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.7.1-rc2

url pkg:maven/org.python/jython-standalone@2.7.1-rc3

purl pkg:maven/org.python/jython-standalone@2.7.1-rc3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.7.1-rc3

url pkg:maven/org.python/jython-standalone@2.7.1

purl pkg:maven/org.python/jython-standalone@2.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.7.1

url pkg:maven/org.python/jython-standalone@2.7.2b2

purl pkg:maven/org.python/jython-standalone@2.7.2b2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eer2-83dz-ryea

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.python/jython-standalone@2.7.2b2

References

reference_url

http://advisories.mageia.org/MGASA-2015-0096.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://advisories.mageia.org/MGASA-2015-0096.html

reference_url

http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2027.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2027.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2027

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05705
published_at	2026-04-18T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05717
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0571
published_at	2026-04-07T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0575
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05776
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05753
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05746
published_at	2026-04-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05741
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05696
published_at	2026-04-16T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05642
published_at	2026-04-01T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05676
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2027

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=947949

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=947949

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2027
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2027

reference_url

https://github.com/jython/frozen-mirror/blob/b8d7aa4cee50c0c0fe2f4b235dd62922dd0f3f99/NEWS#L25C8-L25C15

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jython/frozen-mirror/blob/b8d7aa4cee50c0c0fe2f4b235dd62922dd0f3f99/NEWS#L25C8-L25C15

reference_url

https://github.com/jython/frozen-mirror/commit/053949e66d307168fd70b39725f4d3e6b642acc1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jython/frozen-mirror/commit/053949e66d307168fd70b39725f4d3e6b642acc1

reference_url

http://www.mandriva.com/security/advisories?name=MDVSA-2015:158

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.mandriva.com/security/advisories?name=MDVSA-2015:158

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777079
reference_id	777079
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777079

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2027

reference_id

CVE-2013-2027

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2027

reference_url

https://github.com/advisories/GHSA-9347-9w64-q5wp

reference_id

GHSA-9347-9w64-q5wp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9347-9w64-q5wp

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	264
name	Permissions, Privileges, and Access Controls
description	Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	281
name	Improper Preservation of Permissions
description	The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

cwe_id	732
name	Incorrect Permission Assignment for Critical Resource
description	The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eer2-83dz-ryea

Vulnerability Instance