VulnerableCode Vulnerability Details - VCID-35c9-v65w-cuh7

Search for vulnerabilities

Vulnerability details: VCID-35c9-v65w-cuh7

Essentials
Severities (10)
References (13)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-35c9-v65w-cuh7
Aliases	CVE-2013-2027 GHSA-9347-9w64-q5wp
Summary	Jython Improper Access Restrictions vulnerability Jython before 2.7.2b3 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-281	Improper Preservation of Permissions
CWE-732	Incorrect Permission Assignment for Critical Resource
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://advisories.mageia.org/MGASA-2015-0096.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2013-2027
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=947949
generic_textual	MODERATE	https://github.com/jython/frozen-mirror/blob/b8d7aa4cee50c0c0fe2f4b235dd62922dd0f3f99/NEWS#L25C8-L25C15
generic_textual	MODERATE	https://github.com/jython/frozen-mirror/commit/053949e66d307168fd70b39725f4d3e6b642acc1
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2013-2027
generic_textual	MODERATE	http://www.mandriva.com/security/advisories?name=MDVSA-2015:158
generic_textual	MODERATE	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
generic_textual	MODERATE	jython/frozen-mirror

Reference id	Reference type	URL
		http://advisories.mageia.org/MGASA-2015-0096.html
		http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2027.json
		https://api.first.org/data/v1/epss?cve=CVE-2013-2027
		https://bugzilla.redhat.com/show_bug.cgi?id=947949
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2027
		https://github.com/jython/frozen-mirror/blob/b8d7aa4cee50c0c0fe2f4b235dd62922dd0f3f99/NEWS#L25C8-L25C15
		https://github.com/jython/frozen-mirror/commit/053949e66d307168fd70b39725f4d3e6b642acc1
		https://nvd.nist.gov/vuln/detail/CVE-2013-2027
		http://www.mandriva.com/security/advisories?name=MDVSA-2015:158
		http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
777079		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777079
GHSA-9347-9w64-q5wp		https://github.com/advisories/GHSA-9347-9w64-q5wp

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.05012
EPSS Score	0.00025
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:26:59.846044+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9347-9w64-q5wp/GHSA-9347-9w64-q5wp.json	36.1.3