Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.
References
Link | Resource |
---|---|
https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6 | Patch |
https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-12-27T16:16:51.459Z
Updated: 2023-12-27T16:16:51.459Z
Reserved: 2023-12-05T20:42:59.378Z
Link: CVE-2023-50255
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-27T17:15:07.847
Modified: 2024-01-04T17:03:20.077
Link: CVE-2023-50255
JSON object: View
Redhat Information
No data.