CVE-2023-50255
CRITICALdeepin-compressor < 5.12.21 - Path Traversal and Remote Code Execution via Crafted Archive
Title source: llmDescription
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2
Scores
CVSS v3
9.3
EPSS
0.0105
EPSS Percentile
59.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Details
CWE
CWE-22
CWE-26
CWE-23
Status
published
Products (1)
deepin/deepin-compressor
< 5.12.21
Published
Dec 27, 2023
Tracked Since
Feb 18, 2026