CVE-2021-32707 log

Severity Low
Remote Yes
Type Information disclosure
In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage.
Group Package Affected Fixed Severity Status Ticket
AVG-2145 nextcloud-app-mail 1.9.5-2 1.10.1-1 Low Fixed
Date Advisory Group Package Severity Type
20 Jul 2021 ASA-202107-41 AVG-2145 nextcloud-app-mail Low information disclosure