What is CVE-2023-50255?

CVE-2023-50255 is a critical-severity vulnerability in Linuxdeepin Developer-center, classified under Relative Path Traversal. CVSS score: 9.3/10. Published 2023-12-27.

How severe is CVE-2023-50255?

Critical severity. CVSS v3 base score is 9.3 out of 10.

Path Traversal in Linuxdeepin Developer-center

CVE-2023-50255

Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening…

EPSS: 0.004 (62.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.3 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N.

Affected products

Linuxdeepin Developer-center — versions < 5.12.21

Weakness classification (CWE)

References

https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2 (x_refsource_CONFIRM)
https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-50255?: CVE-2023-50255 is a critical-severity vulnerability in Linuxdeepin Developer-center, classified under Relative Path Traversal. CVSS score: 9.3/10. Published 2023-12-27.
How severe is CVE-2023-50255?: Critical severity. CVSS v3 base score is 9.3 out of 10.