CVE-2019-13227

Name of the Vulnerable Software and Affected Versions deepin-clone versions prior to 1.1.3

Description The issue allows an unprivileged user to potentially create or overwrite files in arbitrary file system locations by preparing a symlink attack at the fixed path /tmp/.deepin-clone.log. The content of the created or overwritten files is not controlled by the attacker.

Recommendations For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the /tmp/.deepin-clone.log file to prevent symlink attacks until the update is applied.