High severityNVD Advisory· Published Dec 7, 2018· Updated Sep 16, 2024
CVE-2018-19960
CVE-2018-19960
Description
The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
onionshare-cliPyPI | <= 1.3.1 | — |
Affected products
3- ghsa-coords3 versionspkg:pypi/onionshare-clipkg:rpm/opensuse/python3-onionshare&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-onionshare&distro=openSUSE%20Tumbleweed
<= 1.3.1+ 2 more
- (no CPE)range: <= 1.3.1
- (no CPE)range: < 2.6-4.1
- (no CPE)range: < 2.3.3-2.5
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-pwjq-6wrh-5w8qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-19960ghsaADVISORY
- bugs.debian.org/915859ghsax_refsource_MISCWEB
- github.com/onionshare/onionshare/commit/4da5e15581a69509e7bfc6c4d0742052e0b61b24ghsaWEB
- github.com/onionshare/onionshare/commit/aa5fdde6a4e4de7f113e01a3b446dcc14dcecb1aghsaWEB
- github.com/onionshare/onionshare/issues/837ghsaWEB
News mentions
0No linked articles in our index yet.