CVE-2021-39220 - log

CVE-2021-39220 edited at 25 Oct 2021 20:34:44
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 by default does not render images in emails, so as not to leak the read state or the user's IP address. The privacy filter failed to filter images with a relative protocol.
References
+ https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q9v-wm8r-rcv5
+ https://hackerone.com/reports/1308147
+ https://github.com/nextcloud/mail/pull/5470
+ https://github.com/nextcloud/mail/commit/595234c0179fcd13941ad58af1df75f049566e6d
Notes
CVE-2021-39220 created at 25 Oct 2021 20:32:16