CVE-2023-50255
HIGH WAF: High
CVSS 7.8
Published: 2023-12-27
CWE-22
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.
WAF Coverage Analysis
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| deepin | deepin-compressor | up to 5.12.21 |
References
- github.com (Patch)
- github.com (Exploit, Third Party Advisory)