CRITICAL🇵🇱 Wersja polska

CVE-2023-50255

CVSS 9.3v3.1pub. 2023-12-27upd. 2024-11-21

Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
  • Deepin Compressor

    APP
    Deepin
    < 5.12.21
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2023-50254CRITICAL9.3PL ✓ten sam vendor

RCE w Deepin Reader poprzez path traversal w plikach DOCX

CVE-2019-13226HIGH7.0ten sam vendor

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper:...

CVE-2017-7622HIGH8.8ten sam vendor

dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privilege...

CVE-2019-13227MEDIUM5.5ten sam vendor

In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, an...

CVE-2019-13228MEDIUM4.7ten sam vendor

deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO...