CVE-2021-32679 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	Yes
Type	Content spoofing
Description	In Nextcloud Server versions prior to 21.0.3, filenames where not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized into a `DownloadResponse`, this could be used to trick users into downloading malicious files with a benign file extension. This would show in UI behaviours where Nextcloud applications would display a benign file extension (e.g. JPEG), but the file will actually be downloaded with an executable file extension. Administrators of Nextcloud instances do not have a workaround available, but developers of Nextcloud apps may manually escape the file name before passing it into `DownloadResponse`.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2144	nextcloud	21.0.2-1	21.0.3-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
14 Jul 2021	ASA-202107-22	AVG-2144	nextcloud	High	multiple issues

References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3hjp-26x8-mhf6 https://hackerone.com/reports/1215263 https://github.com/nextcloud/server/pull/27354 https://github.com/nextcloud/server/commit/d838108deaa90a2f2d78af4e608452fb105fcd15

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3hjp-26x8-mhf6
https://hackerone.com/reports/1215263
https://github.com/nextcloud/server/pull/27354
https://github.com/nextcloud/server/commit/d838108deaa90a2f2d78af4e608452fb105fcd15