What is CVE-2023-50254?

CVE-2023-50254 is a critical-severity vulnerability in Linuxdeepin Developer-center, classified under CWE-27. CVSS score: 9.3/10. Published 2023-12-22.

How severe is CVE-2023-50254?

Critical severity. CVSS v3 base score is 9.3 out of 10.

Is CVE-2023-50254 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Linuxdeepin Developer-center

CVE-2023-50254

Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite…

EPSS: 0.088 (92.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.3 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H.

Affected products

Linuxdeepin Developer-center — versions < 6.0.7

Weakness classification (CWE)

Public proof-of-concept exploits

References

https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495 (x_refsource_CONFIRM)
https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04 (x_refsource_MISC)
https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-50254?: CVE-2023-50254 is a critical-severity vulnerability in Linuxdeepin Developer-center, classified under CWE-27. CVSS score: 9.3/10. Published 2023-12-22.
How severe is CVE-2023-50254?: Critical severity. CVSS v3 base score is 9.3 out of 10.
Is CVE-2023-50254 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.