The vulnerability stems from Jython's failure to explicitly set file permissions on the class cache files it writes; the permissions of those files were left to the process's current umask. Commit 053949e contains the fix for the affected functions: their use of FileOutputStream was replaced with FileUtil.makePrivateRW, which explicitly restricts the created file to owner-only read/write access. Before the patch, these functions created the cache files directly, without any access control of their own.
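The following Java class is an added illustration of the two patterns the paragraph contrasts; it is not Jython's code and not the content of commit 053949e. `openUmaskDependent` reproduces the pre-patch behaviour (a plain stream whose file mode is whatever the umask allows), and `openPrivateRW` is a hypothetical helper, named by analogy with `FileUtil.makePrivateRW` but not its implementation, that creates the file with owner-only permissions via the NIO POSIX attribute API. It assumes a POSIX filesystem; on Windows the POSIX attribute view is unsupported and `createFile` with that attribute throws `UnsupportedOperationException`.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

public class PrivateCacheFile {

    // Pre-patch pattern: the file mode is 0666 masked by the process umask, so a
    // permissive umask (002, or 000) leaves the cache file readable or even
    // writable by other local users. Equivalent to new FileOutputStream(p.toFile()).
    static OutputStream openUmaskDependent(Path p) throws IOException {
        return Files.newOutputStream(p);
    }

    // Hardened pattern (hypothetical helper, not Jython's FileUtil.makePrivateRW):
    // ask the kernel for mode 0600 at creation time. The umask can only clear
    // bits, never add them, so the result is never wider than owner read/write.
    static OutputStream openPrivateRW(Path p) throws IOException {
        Set<PosixFilePermission> ownerOnly = EnumSet.of(
                PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE);
        FileAttribute<Set<PosixFilePermission>> attr =
                PosixFilePermissions.asFileAttribute(ownerOnly);
        try {
            Files.createFile(p, attr);
        } catch (FileAlreadyExistsException e) {
            // A file left behind by an earlier, umask-dependent run may already be
            // world-readable: tighten it rather than silently reuse it.
            Files.setPosixFilePermissions(p, ownerOnly);
        }
        return Files.newOutputStream(p,
                StandardOpenOption.WRITE, StandardOpenOption.TRUNCATE_EXISTING);
    }

    // Check a defender can run over an existing cache directory: true only if no
    // group or other permission bit is set on the file.
    static boolean isOwnerOnly(Path p) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
        return perms.stream().noneMatch(perm ->
                perm.name().startsWith("GROUP_") || perm.name().startsWith("OTHERS_"));
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("cachefile-demo"); // constructed sample location
        Path weak = dir.resolve("Weak$py.class");
        Path strong = dir.resolve("Strong$py.class");
        byte[] payload = "constructed sample class bytes".getBytes(StandardCharsets.UTF_8);

        try (OutputStream out = openUmaskDependent(weak)) { out.write(payload); }
        try (OutputStream out = openPrivateRW(strong)) { out.write(payload); }

        // With the common default umask 022 the first file ends up 0644 (group/other
        // readable); the second is 0600 regardless of umask.
        System.out.println(weak + " -> " + PosixFilePermissions.toString(Files.getPosixFilePermissions(weak))
                + " ownerOnly=" + isOwnerOnly(weak));
        System.out.println(strong + " -> " + PosixFilePermissions.toString(Files.getPosixFilePermissions(strong))
                + " ownerOnly=" + isOwnerOnly(strong));
    }
}
```

Compile and run with `javac PrivateCacheFile.java && java PrivateCacheFile` on a Linux or macOS host. The `isOwnerOnly` check is the useful audit primitive: pointed at an existing cache directory it flags files written by an unpatched version, which remain exposed until they are recreated or re-permissioned, since upgrading the package alone does not touch files already on disk.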
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.python:jython-standalone | maven | < 2.7.2b3 | 2.7.2b3 |