CVE-2023-50255

2023-12-2717:15:07

CWE-26

CWE-22

CWE-23

[email protected]

web.nvd.nist.gov

deepin-compressor

deepin linux os

cve-2023-50255

path traversal

remote command execution

update

vulnerability

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

0.003 Low

EPSS

Percentile

70.2%

JSON

Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there’s a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.

Affected configurations

Vulners

NVD

Node

linuxdeepindeveloper_centerRange<5.12.21

CPENameOperatorVersion
deepin:deepin-compressordeepin deepin-compressorlt5.12.21

CPE	Name	Operator	Version
deepin:deepin-compressor	deepin deepin-compressor	lt	5.12.21

CNA Affected

[
  {
    "vendor": "linuxdeepin",
    "product": "developer-center",
    "versions": [
      {
        "version": "< 5.12.21",
        "status": "affected"
      }
    ]
  }
]