Search
Find a vulnerability
Search criteria
2 vulnerabilities found for deepin-compressor by deepin
CVE-2023-50255 (GCVE-0-2023-50255)
Vulnerability from nvd – Published: 2023-12-27 16:16 – Updated: 2024-08-02 22:16
VLAI
Title
Zip Path Traversal in Deepin-Compressor
Summary
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.
Severity
9.3 (Critical)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/linuxdeepin/developer-center/s… | x_refsource_CONFIRM |
| https://github.com/linuxdeepin/deepin-compressor/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| linuxdeepin | developer-center |
Affected:
< 5.12.21
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2"
},
{
"name": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "developer-center",
"vendor": "linuxdeepin",
"versions": [
{
"status": "affected",
"version": "\u003c 5.12.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there\u0027s a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-26",
"description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-27T16:16:51.459Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2"
},
{
"name": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6"
}
],
"source": {
"advisory": "GHSA-rw5r-8p9h-3gp2",
"discovery": "UNKNOWN"
},
"title": "Zip Path Traversal in Deepin-Compressor"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50255",
"datePublished": "2023-12-27T16:16:51.459Z",
"dateReserved": "2023-12-05T20:42:59.378Z",
"dateUpdated": "2024-08-02T22:16:46.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50255 (GCVE-0-2023-50255)
Vulnerability from cvelistv5 – Published: 2023-12-27 16:16 – Updated: 2024-08-02 22:16
VLAI
Title
Zip Path Traversal in Deepin-Compressor
Summary
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.
Severity
9.3 (Critical)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/linuxdeepin/developer-center/s… | x_refsource_CONFIRM |
| https://github.com/linuxdeepin/deepin-compressor/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| linuxdeepin | developer-center |
Affected:
< 5.12.21
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2"
},
{
"name": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "developer-center",
"vendor": "linuxdeepin",
"versions": [
{
"status": "affected",
"version": "\u003c 5.12.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there\u0027s a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-26",
"description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-27T16:16:51.459Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2"
},
{
"name": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6"
}
],
"source": {
"advisory": "GHSA-rw5r-8p9h-3gp2",
"discovery": "UNKNOWN"
},
"title": "Zip Path Traversal in Deepin-Compressor"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50255",
"datePublished": "2023-12-27T16:16:51.459Z",
"dateReserved": "2023-12-05T20:42:59.378Z",
"dateUpdated": "2024-08-02T22:16:46.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}