Search criteria

2 vulnerabilities found for deepin-compressor by deepin

CVE-2023-50255 (GCVE-0-2023-50255)

Vulnerability from nvd – Published: 2023-12-27 16:16 – Updated: 2024-08-02 22:16
VLAI?
Title
Zip Path Traversal in Deepin-Compressor
Summary
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.
Severity ?
9.3 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
CWE
  • CWE-23 - Relative Path Traversal
  • CWE-26 - Path Traversal: '/dir/../filename'
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
Vendor Product Version
linuxdeepin developer-center Affected: < 5.12.21
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2"
          },
          {
            "name": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "developer-center",
          "vendor": "linuxdeepin",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.12.21"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there\u0027s a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23: Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-26",
              "description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-27T16:16:51.459Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2"
        },
        {
          "name": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6"
        }
      ],
      "source": {
        "advisory": "GHSA-rw5r-8p9h-3gp2",
        "discovery": "UNKNOWN"
      },
      "title": "Zip Path Traversal in Deepin-Compressor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-50255",
    "datePublished": "2023-12-27T16:16:51.459Z",
    "dateReserved": "2023-12-05T20:42:59.378Z",
    "dateUpdated": "2024-08-02T22:16:46.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-50255 (GCVE-0-2023-50255)

Vulnerability from cvelistv5 – Published: 2023-12-27 16:16 – Updated: 2024-08-02 22:16
VLAI?
Title
Zip Path Traversal in Deepin-Compressor
Summary
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.
Severity ?
9.3 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
CWE
  • CWE-23 - Relative Path Traversal
  • CWE-26 - Path Traversal: '/dir/../filename'
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
Vendor Product Version
linuxdeepin developer-center Affected: < 5.12.21
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2"
          },
          {
            "name": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "developer-center",
          "vendor": "linuxdeepin",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.12.21"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there\u0027s a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23: Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-26",
              "description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-27T16:16:51.459Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2"
        },
        {
          "name": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6"
        }
      ],
      "source": {
        "advisory": "GHSA-rw5r-8p9h-3gp2",
        "discovery": "UNKNOWN"
      },
      "title": "Zip Path Traversal in Deepin-Compressor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-50255",
    "datePublished": "2023-12-27T16:16:51.459Z",
    "dateReserved": "2023-12-05T20:42:59.378Z",
    "dateUpdated": "2024-08-02T22:16:46.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}