onionshare

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Share a file over Tor Hidden Services anonymously and securely
Version	2.6.3-3 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2437	2.2-5		Medium	Not affected
AVG-2436	2.2-5	2.4-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-41868	AVG-2436	Medium	Yes	Arbitrary file upload	OnionShare before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality.
CVE-2021-41867	AVG-2437	Medium	Yes	Information disclosure	An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a...

Issue

Group

Severity

Remote

Type

Description

CVE-2021-41868

AVG-2436

Medium

Yes

Arbitrary file upload

OnionShare before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality.

CVE-2021-41867

AVG-2437

Medium

Yes

Information disclosure

An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a...