Unrated severityNVD Advisory· Published Jul 12, 2021· Updated Aug 3, 2024
Bypass of image blocking in Nextcloud Mail
CVE-2021-32707
Description
Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a background-image CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- nextcloud/security-advisoriesv5Range: < 1.9.6
Patches
Vulnerability mechanics
References
3- github.com/nextcloud/mail/pull/5189mitrex_refsource_MISC
- github.com/nextcloud/security-advisories/security/advisories/GHSA-xxp4-44xc-8crhmitrex_refsource_CONFIRM
- hackerone.com/reports/1215251mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.