CVE-2021-39220

Source
Severity Low
Remote Yes
Type Information disclosure
Description
By default, the Nextcloud Mail application does not render images in emails, so that neither the read state nor the user's IP address is leaked. In versions prior to 1.10.4 and 1.11.0, the privacy filter failed to filter images with a relative protocol.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2495 | nextcloud-app-mail | 1.10.1-1 | 1.10.5-1 | Low | Fixed | |
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q9v-wm8r-rcv5
https://hackerone.com/reports/1308147
https://github.com/nextcloud/mail/pull/5470
https://github.com/nextcloud/mail/commit/595234c0179fcd13941ad58af1df75f049566e6d