CVE-2021-32679 - log back

CVE-2021-32679 edited at 13 Jul 2021 10:57:51
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Content spoofing
Description
+ In Nextcloud Server versions prior to 21.0.3, filenames where not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized into a `DownloadResponse`, this could be used to trick users into downloading malicious files with a benign file extension. This would show in UI behaviours where Nextcloud applications would display a benign file extension (e.g. JPEG), but the file will actually be downloaded with an executable file extension. Administrators of Nextcloud instances do not have a workaround available, but developers of Nextcloud apps may manually escape the file name before passing it into `DownloadResponse`.
References
+ https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3hjp-26x8-mhf6
+ https://hackerone.com/reports/1215263
+ https://github.com/nextcloud/server/pull/27354
+ https://github.com/nextcloud/server/commit/d838108deaa90a2f2d78af4e608452fb105fcd15
CVE-2021-32679 created at 13 Jul 2021 10:45:03
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes