---

CVE-2021-32679 - log back

CVE-2021-32679 edited at 13 Jul 2021 10:57:51
Severity	- Unknown + Low
Remote	- Unknown + Remote
Type	- Unknown + Content spoofing
Description	+ In Nextcloud Server versions prior to 21.0.3, filenames where not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized into a `DownloadResponse`, this could be used to trick users into downloading malicious files with a benign file extension. This would show in UI behaviours where Nextcloud applications would display a benign file extension (e.g. JPEG), but the file will actually be downloaded with an executable file extension. Administrators of Nextcloud instances do not have a workaround available, but developers of Nextcloud apps may manually escape the file name before passing it into `DownloadResponse`.
References	+ https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3hjp-26x8-mhf6 + https://hackerone.com/reports/1215263 + https://github.com/nextcloud/server/pull/27354 + https://github.com/nextcloud/server/commit/d838108deaa90a2f2d78af4e608452fb105fcd15

CVE-2021-32679 created at 13 Jul 2021 10:45:03
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes