onionshare

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Share a file over Tor Hidden Services anonymously and securely
Version 2.5-2 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2437 2.2-5 Medium Not affected
AVG-2436 2.2-5 2.4-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-41868 AVG-2436 Medium Yes Arbitrary file upload
OnionShare before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality.
CVE-2021-41867 AVG-2437 Medium Yes Information disclosure
An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a...